💄 insane options creation

Johannes Rieken
2020-10-15 17:49:21 +02:00
parent 4e953775d8
commit caf096c408


@@ -1315,24 +1315,24 @@ export function detectFullscreen(): IDetectedFullscreen | null {
// -- sanitize and trusted html
function newInsaneOptions(allowedTags: string[], allowedAttributesForAll: string[], allowedAttributes: Record<string, string[]>): InsaneOptions {
for (let tag of allowedTags) {
let array = allowedAttributes[tag];
if (!array) {
array = allowedAttributesForAll;
} else {
array = array.concat(allowedAttributesForAll);
}
allowedAttributes[tag] = array;
}
const value: InsaneOptions = {
allowedTags,
allowedAttributes,
allowedSchemes: ['http', 'https', 'command']
};
return value;
}
function _extInsaneOptions(opts: InsaneOptions, allowedAttributesForAll: string[]): InsaneOptions {
let allowedAttributes: Record<string, string[]> = opts.allowedAttributes ?? {};
if (opts.allowedTags) {
for (let tag of opts.allowedTags) {
let array = allowedAttributes[tag];
if (!array) {
array = allowedAttributesForAll;
} else {
array = array.concat(allowedAttributesForAll);
}
allowedAttributes[tag] = array;
}
}
return { ...opts, allowedAttributes };
}
const _ttpSafeInnerHtml = window.trustedTypes?.createPolicy('safeInnerHtml', {
createHTML(value, options: InsaneOptions) {
@@ -1345,10 +1345,9 @@ const _ttpSafeInnerHtml = window.trustedTypes?.createPolicy('safeInnerHtml', {
*/
export function safeInnerHtml(node: HTMLElement, value: string): void {
const options = newInsaneOptions(
['a', 'button', 'code', 'div', 'h1', 'h2', 'h3', 'input', 'label', 'li', 'p', 'pre', 'select', 'small', 'span', 'textarea', 'ul'],
['class', 'id', 'role', 'tabindex'],
{
const options = _extInsaneOptions({
allowedTags: ['a', 'button', 'code', 'div', 'h1', 'h2', 'h3', 'input', 'label', 'li', 'p', 'pre', 'select', 'small', 'span', 'textarea', 'ul'],
allowedAttributes: {
'a': ['href'],
'button': ['data-href'],
'input': ['type', 'placeholder', 'checked', 'required'],
@@ -1356,8 +1355,9 @@ export function safeInnerHtml(node: HTMLElement, value: string): void {
'select': ['required'],
'span': ['data-command', 'role'],
'textarea': ['name', 'placeholder', 'required'],
}
);
},
allowedSchemes: ['http', 'https', 'command']
}, ['class', 'id', 'role', 'tabindex']);
const html = _ttpSafeInnerHtml?.createHTML(value, options) ?? insane(value, options);
node.innerHTML = html as unknown as string;
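Review bot: `_extInsaneOptions` writes the merged lists back into the caller's `opts.allowedAttributes` (`allowedAttributes[tag] = array`), so the input object is mutated even though the function returns a spread copy. The only caller visible here passes a fresh literal, so nothing goes wrong today. If a shared or module-level options object were ever passed, each call would append `allowedAttributesForAll` again and change the sanitizer's allow-list for every other user of that object. Copying first avoids this: `const allowedAttributes: Record<string, string[]> = { ...opts.allowedAttributes };`. A one-line doc comment on the helper would also help, for example `/** Returns a copy of opts in which every allowed tag additionally permits allowedAttributesForAll; opts itself is not modified. */`.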