fix 235221: Passing the markdown content to the webview via meta tag and purifying it before use

Parasaran
2024-12-17 22:57:12 +05:30
parent 68410e1431
commit da1d8b9c8e
2 changed files with 8 additions and 2 deletions


@@ -98,13 +98,13 @@ export class MdDocumentRenderer {
<meta id="vscode-markdown-preview-data"
data-settings="${escapeAttribute(JSON.stringify(initialData))}"
data-strings="${escapeAttribute(JSON.stringify(previewStrings))}"
data-state="${escapeAttribute(JSON.stringify(state || {}))}">
data-state="${escapeAttribute(JSON.stringify(state || {}))}"
data-md-content="${escapeAttribute(JSON.stringify(body.html))}">
<script src="${this._extensionResourcePath(resourceProvider, 'pre.js')}" nonce="${nonce}"></script>
${this._getStyles(resourceProvider, sourceUri, config, imageInfo)}
<base href="${resourceProvider.asWebviewUri(markdownDocument.uri)}">
</head>
<body class="vscode-body ${config.scrollBeyondLastLine ? 'scrollBeyondLastLine' : ''} ${config.wordWrap ? 'wordWrap' : ''} ${config.markEditorSelection ? 'showEditorSelection' : ''}">
${body.html}
${this._getScripts(resourceProvider, nonce)}
</body>
</html>`;
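Review bot: The added `data-md-content` line puts `body.html` into the page unsanitized, so the safety of this change rests entirely on the webview script that reads the attribute, which is not visible in this hunk. That reader should be the only consumer, should `JSON.parse` the value and run it through the sanitizer before any DOM insertion, and should treat a missing or unparsable attribute as empty content rather than falling back to raw HTML. The attribute also relies on `escapeAttribute` (defined outside the hunk) escaping at least `"` and `&`, because the payload is arbitrary rendered markdown rather than a small settings object. I would record the contract just above the template literal, e.g. `// data-md-content holds UNSANITIZED rendered HTML; the preview script must sanitize it before inserting it into the DOM`. The enclosing method starts and ends outside the hunk.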