jupyter · brichet · Apr 17, 2026 · Jan 9, 2026 · Feb 27, 2026 · Feb 27, 2026
diff --git a/nbgrader/server_extensions/validate_assignment/handlers.py b/nbgrader/server_extensions/validate_assignment/handlers.py
@@ -6,6 +6,7 @@
 
 from tornado import web
 from textwrap import dedent
+from pathlib import Path
 
 from jupyter_server.utils import url_path_join as ujoin
 from jupyter_server.base.handlers import JupyterHandler
@@ -38,8 +39,11 @@ def load_config(self):
         return app.config
 
     def validate_notebook(self, path):
-        fullpath = os.path.join(self.root_dir, path)
-
+        root = Path(self.root_dir).resolve()
+        target = (root / path).resolve()
+        if not target.is_relative_to(root):
+            raise web.HTTPError(403, "Access denied: path outside allowed directory")
+        fullpath = str(target)
         try:
             config = self.load_config()
             validator = Validator(config=config)
@@ -144,4 +148,4 @@ def load_jupyter_server_extension(nbapp):
     webapp.add_handlers(".*$", [
         (ujoin(base_url, pat), handler)
         for pat, handler in default_handlers
-    ])
+    ])