diff --git a/extensions/markdown/src/security.ts b/extensions/markdown/src/security.ts index 693a00ba7eb..5c269f7fb26 100644 --- a/extensions/markdown/src/security.ts +++ b/extensions/markdown/src/security.ts @@ -73,11 +73,6 @@ export class ExtensionContentSecurityPolicyArbiter implements ContentSecurityPol } } - -interface PreviewSecurityPickItem extends vscode.QuickPickItem { - level: MarkdownPreviewSecurityLevel; -} - export class PreviewSecuritySelector { public constructor( @@ -86,6 +81,10 @@ export class PreviewSecuritySelector { ) { } public async showSecutitySelectorForResource(resource: vscode.Uri): Promise { + interface PreviewSecurityPickItem extends vscode.QuickPickItem { + type: 'moreinfo' | MarkdownPreviewSecurityLevel; + } + function markActiveWhen(when: boolean): string { return when ? '• ' : ''; } @@ -94,18 +93,22 @@ export class PreviewSecuritySelector { const selection = await vscode.window.showQuickPick( [ { - level: MarkdownPreviewSecurityLevel.Strict, + type: MarkdownPreviewSecurityLevel.Strict, label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.Strict) + localize('strict.title', 'Strict'), description: localize('strict.description', 'Only load secure content'), }, { - level: MarkdownPreviewSecurityLevel.AllowInsecureContent, + type: MarkdownPreviewSecurityLevel.AllowInsecureContent, label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.AllowInsecureContent) + localize('insecureContent.title', 'Allow insecure content'), description: localize('insecureContent.description', 'Enable loading content over http'), }, { - level: MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent, + type: MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent, label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent) + localize('disable.title', 'Disable'), description: localize('disable.description', 'Allow all content and script execution. Not recommended'), - }, + }, { + type: 'moreinfo', + label: localize('moreInfo.title', 'More Information'), + description: '' + } ], { placeHolder: localize( 'preview.showPreviewSecuritySelector.title', @@ -116,7 +119,12 @@ export class PreviewSecuritySelector { return; } - await this.cspArbiter.setSecurityLevelForResource(resource, selection.level); + if (selection.type === 'moreinfo') { + vscode.commands.executeCommand('vscode.open', vscode.Uri.parse('https://go.microsoft.com/fwlink/?linkid=854414')); + return; + } + + await this.cspArbiter.setSecurityLevelForResource(resource, selection.type); const sourceUri = getMarkdownUri(resource);