Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2025-12-20 02:08:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Duplicate CodeQL suppression comment (#194036)

Browse Source 
* Duplicate CodeQL suppression comment

* Another one
This commit is contained in:
Raymond Zhao
2023-09-25 15:15:15 -07:00
committed by GitHub
parent 8a7288ffe4
commit 55f6606c7c
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/vs/base/worker/workerMain.ts
View File

@@ -84,7 +84,7 @@
text = `${text}\n//# sourceURL=${loaderSrc}`;
const func = (
trustedTypesPolicy
? globalThis.eval(trustedTypesPolicy.createScript('', text) as unknown as string)
? globalThis.eval(trustedTypesPolicy.createScript('', text) as unknown as string) // CodeQL [SM01632] fetch + eval is used on the web worker instead of importScripts if possible because importScripts is synchronous and we observed deadlocks on Safari
: new Function(text) // CodeQL [SM01632] fetch + eval is used on the web worker instead of importScripts if possible because importScripts is synchronous and we observed deadlocks on Safari
);
func.call(globalThis);

2
src/vs/loader.js
View File

@@ -705,7 +705,7 @@ var AMDLoader;
}).then((text) => {
text = `${text}\n//# sourceURL=${scriptSrc}`;
const func = (trustedTypesPolicy
? self.eval(trustedTypesPolicy.createScript('', text))
? self.eval(trustedTypesPolicy.createScript('', text)) // CodeQL [SM01632] the loader is responsible with loading code, fetch + eval is used on the web worker instead of importScripts if possible because importScripts is synchronous and we observed deadlocks on Safari
: new Function(text) // CodeQL [SM01632] the loader is responsible with loading code, fetch + eval is used on the web worker instead of importScripts if possible because importScripts is synchronous and we observed deadlocks on Safari
);
func.call(self);