Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2026-05-02 06:21:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Block svg images in markdown preview by default

Browse Source
This commit is contained in:
Matt Bierner
2017-07-24 15:29:01 -07:00
parent 75fd5a7f29
commit 6a10043e8d
7 changed files with 80 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
extensions/markdown/src/security.ts
View File

@@ -22,6 +22,8 @@ export interface ContentSecurityPolicyArbiter {
getSecurityLevelForResource(resource: vscode.Uri): MarkdownPreviewSecurityLevel;
setSecurityLevelForResource(resource: vscode.Uri, level: MarkdownPreviewSecurityLevel): Thenable<void>;
shouldAllowSvgsForResource(resource: vscode.Uri): void;
}
export class ExtensionContentSecurityPolicyArbiter implements ContentSecurityPolicyArbiter {
@@ -50,6 +52,11 @@ export class ExtensionContentSecurityPolicyArbiter implements ContentSecurityPol
return this.globalState.update(this.security_level_key + this.getRoot(resource), level);
}
public shouldAllowSvgsForResource(resource: vscode.Uri) {
const securityLevel = this.getSecurityLevelForResource(resource);
return securityLevel === MarkdownPreviewSecurityLevel.AllowInsecureContent || securityLevel === MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent;
}
private getRoot(resource: vscode.Uri): vscode.Uri {
if (vscode.workspace.workspaceFolders) {
const folderForResource = vscode.workspace.getWorkspaceFolder(resource);
@@ -123,6 +130,14 @@ export class PreviewSecuritySelector {
await this.cspArbiter.setSecurityLevelForResource(resource, selection.level);
const sourceUri = getMarkdownUri(resource);
await vscode.commands.executeCommand('_workbench.htmlPreview.updateOptions',
sourceUri,
{
allowScripts: true,
allowSvgs: this.cspArbiter.shouldAllowSvgsForResource(resource)
});
this.contentProvider.update(sourceUri);
}
}