add AllowInsecureLocalContent option to MarkdownPreviewSecurityLevel (#46473)

extensions/markdown-language-features/src/security.ts

@@ -14,7 +14,8 @@ const localize = nls.loadMessageBundle();
 export enum MarkdownPreviewSecurityLevel {
 	Strict = 0,
 	AllowInsecureContent = 1,
-	AllowScriptsAndAllContent = 2
+	AllowScriptsAndAllContent = 2,
+	AllowInsecureLocalContent = 3
 }
 
 export interface ContentSecurityPolicyArbiter {
@@ -109,6 +110,10 @@ export class PreviewSecuritySelector {
 					type: MarkdownPreviewSecurityLevel.Strict,
 					label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.Strict) + localize('strict.title', 'Strict'),
 					description: localize('strict.description', 'Only load secure content'),
+				}, {
+					type: MarkdownPreviewSecurityLevel.AllowInsecureLocalContent,
+					label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.AllowInsecureLocalContent) + localize('insecureLocalContent.title', 'Allow insecure local content'),
+					description: localize('insecureLocalContent.description', 'Enable loading content over http served from localhost'),
 				}, {
 					type: MarkdownPreviewSecurityLevel.AllowInsecureContent,
 					label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.AllowInsecureContent) + localize('insecureContent.title', 'Allow insecure content'),
@@ -133,7 +138,6 @@ export class PreviewSecuritySelector {
 					'preview.showPreviewSecuritySelector.title',
 					'Select security settings for Markdown previews in this workspace'),
 			});
-
 		if (!selection) {
 			return;
 		}