Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2025-12-24 12:19:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add codeql comments and small fix (#185931)

Browse Source
This commit is contained in:
Matt Bierner
2023-06-22 17:40:39 -07:00
committed by GitHub
parent 04a2bbc6e0
commit 5ee455116f
6 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/markdown-language-features/preview-src/index.ts
View File

@@ -194,7 +194,7 @@ window.addEventListener('message', async event => {
const root = document.querySelector('.markdown-body')!;
const parser = new DOMParser();
const newContent = parser.parseFromString(data.content, 'text/html');
const newContent = parser.parseFromString(data.content, 'text/html'); // CodeQL [SM03712] This renderers content from the workspace into the Markdown preview. Webviews (and the markdown preview) have many other security measures in place to make this safe
// Strip out meta http-equiv tags
for (const metaElement of Array.from(newContent.querySelectorAll('meta'))) {