* Allow loading webview outside of file: origin

**Problem**
Webviews are currently always loaded from a file on the disk. This results in the webview running in the file origin, potentially allowing it to access any file on disk. If a webview fails to sanitize workspace or remote input, untrusted code could potentially access files on the user's system.

**Fix**
Add a new option to serve the webview out of a "data:" uri instead. This prevents access to `file://` resources.

In order to allow webviews to still load resources from disk, add a new protocol called `vscode-core-resource://` that only allows access to resources inside of the vscode directory.

Moves extension pages and our release notes to use this new option. These already are pretty locked down.

We cannot move the htmlpreview command to use this option as it would break a huge number of existing extensions, however the new webview API will always have this new option enabled.

* Shorted protocol name
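The rule the commit message states for `vscode-core-resource://` (serve only resources inside the vscode directory) depends on a path containment check in the protocol handler. The following is an added example, not code from this commit or from VS Code; `ALLOWED_ROOT`, `normalize`, `resolveResource` and the URL layout (the absolute POSIX-style path carried in the URL path) are assumptions.

```javascript
// Added example, not VS Code's implementation.
const SCHEME = 'vscode-core-resource:';   // scheme name as given in the commit message
const ALLOWED_ROOT = '/opt/vscode';       // hypothetical install directory (assumption)

// Collapse "", "." and ".." segments of an absolute POSIX-style path.
function normalize(absPath) {
  const out = [];
  for (const seg of absPath.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();          // popping an empty stack stays at "/"
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Returns the on-disk path to serve, or null when the request must be refused.
function resolveResource(requestUrl) {
  let url;
  try { url = new URL(requestUrl); } catch { return null; }
  if (url.protocol !== SCHEME) return null;

  // The URL parser leaves %2f in place, so "..%2f" survives parsing as an
  // ordinary segment. Decode first, then normalize, then compare.
  let decoded;
  try { decoded = decodeURIComponent(url.pathname); } catch { return null; }
  if (decoded.includes('\0') || decoded.includes('\\')) return null;

  const resolved = normalize(decoded);
  // Compare against root + "/" so a sibling such as /opt/vscode-evil is refused.
  if (resolved !== ALLOWED_ROOT && !resolved.startsWith(ALLOWED_ROOT + '/')) {
    return null;
  }
  return resolved;
}
```

A real handler would additionally resolve symbolic links (for example with `fs.realpath`) before the prefix comparison, since a link inside the allowed directory can point outside it.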
Visual Studio Code - Open Source
VS Code is a new type of tool that combines the simplicity of a code editor with what developers need for their core edit-build-debug cycle. Code provides comprehensive editing and debugging support, an extensibility model, and lightweight integration with existing tools.
VS Code is updated monthly with new features and bug fixes. You can download it for Windows, macOS, and Linux on VS Code's website. To get the latest releases every day, you can install the Insiders version of VS Code. This builds from the master branch and is updated at least daily.
The vscode repository is where we do development and there are many ways you can participate in the project, for example:
- Submit bugs and feature requests and help us verify as they are checked in
- Review source code changes
- Review the documentation and make pull requests for anything from typos to new content
Contributing
If you are interested in fixing issues and contributing directly to the code base, please see the document How to Contribute, which covers the following:
- How to build and run from source
- The development workflow, including debugging and running tests
- Coding Guidelines
- Submitting pull requests
- Contributing to translations
Please see also our Code of Conduct.
Feedback
- Ask a question on Stack Overflow.
- Request a new feature on GitHub.
- Vote for popular feature requests.
- File a bug in GitHub Issues.
- Tweet us with other feedback.
Related Projects
Many of the core components and extensions to Code live in their own repositories on GitHub. For example, the node debug adapter and the mono debug adapter.
For a complete list, please see the Related Projects page on our wiki.
License
Copyright (c) Microsoft Corporation. All rights reserved.
Licensed under the MIT License.
