Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2025-12-24 12:19:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add telemetry+warning for webviews that don't have a content security policy

Browse Source 
Fixes #79248
This commit is contained in:
Matt Bierner
2019-08-15 15:15:36 -07:00
parent 883ae9069a
commit 1bbf3b3fa6
3 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/markdown-language-features/src/features/previewContentProvider.ts
View File

@@ -209,7 +209,7 @@ export class MarkdownContentProvider {
return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' ${rule} https: data: http://localhost:* http://127.0.0.1:*; media-src 'self' ${rule} https: data: http://localhost:* http://127.0.0.1:*; script-src 'nonce-${nonce}'; style-src 'self' ${rule} 'unsafe-inline' https: data: http://localhost:* http://127.0.0.1:*; font-src 'self' ${rule} https: data: http://localhost:* http://127.0.0.1:*;">`;
case MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent:
return '';
return '<meta http-equiv="Content-Security-Policy" content="">';
case MarkdownPreviewSecurityLevel.Strict:
default: