Breaking Out of Restricted Mode: XSS to RCE in Visual Studio Code
Author: Devesh Logendran (STAR Labs SG)
Published: May 14, 2025
Source: https://starlabs.sg/blog/2025/05-breaking-out-of-restricted-mode-xss-to-rce-in-visual-studio-code/

Summary

STAR Labs detailed a cross-site scripting flaw in Visual Studio Code’s Jupyter notebook error rendering that can be chained into full remote code execution. A crafted .ipynb file triggers unsanitized HTML in the “minimal error” renderer, executing JavaScript inside a VS Code …