mirror of
https://github.com/microsoft/vscode.git
synced 2026-04-23 01:58:53 +01:00
4ebfc2fc18
Adds enhanced security settings for the markdown preview. The new flow disable all scripts within the preview itself. Users can enable scripts on a per workspace basis. When a markdown document that uses scripts is loaded, a warning is shown inside the document itself. This warning triggers a new security selector quick pick which allows users to enable or disable enahanced security in the workspace.
32 lines
1.3 KiB
JavaScript
32 lines
1.3 KiB
JavaScript
/*---------------------------------------------------------------------------------------------
|
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
* Licensed under the MIT License. See License.txt in the project root for license information.
|
|
*--------------------------------------------------------------------------------------------*/
|
|
|
|
'use strict';
|
|
|
|
(function () {
|
|
const settings = JSON.parse(document.getElementById('vscode-markdown-preview-data').getAttribute('data-settings'));
|
|
const strings = JSON.parse(document.getElementById('vscode-markdown-preview-data').getAttribute('data-strings'));
|
|
|
|
let didShow = false;
|
|
|
|
document.addEventListener('securitypolicyviolation', () => {
|
|
if (didShow) {
|
|
return;
|
|
}
|
|
didShow = true;
|
|
const args = [settings.previewUri];
|
|
|
|
const notification = document.createElement('a');
|
|
notification.innerText = strings.cspAlertMessageText;
|
|
notification.setAttribute('id', 'code-csp-warning');
|
|
notification.setAttribute('title', strings.cspAlertMessageTitle);
|
|
|
|
notification.setAttribute('role', 'button');
|
|
notification.setAttribute('aria-label', strings.cspAlertMessageLabel);
|
|
notification.setAttribute('href', `command:markdown.showPreviewSecuritySelector?${encodeURIComponent(JSON.stringify(args))}`);
|
|
|
|
document.body.appendChild(notification);
|
|
});
|
|
}()); |