Add CSP
This commit is contained in:
Matt Bierner
parent
f735e062f3
commit
a25c6e6660
1 changed files with 6 additions and 2 deletions
|
|
@ -124,6 +124,8 @@ export class Preview extends Disposable {
|
|||
src: this.getResourcePath(this.webviewEditor, this.resource, version),
|
||||
};
|
||||
|
||||
const nonce = Date.now().toString();
|
||||
|
||||
return /* html */`<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
|
|
@ -131,14 +133,16 @@ export class Preview extends Disposable {
|
|||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
||||
<title>Image Preview</title>
|
||||
<link rel="stylesheet" class="code-user-style" href="${escapeAttribute(this.extensionResource('/media/main.css'))}" type="text/css" media="screen">
|
||||
|
||||
<link rel="stylesheet" href="${escapeAttribute(this.extensionResource('/media/main.css'))}" type="text/css" media="screen" nonce="${nonce}">
|
||||
|
||||
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' ${this.webviewEditor.webview.cspSource}; script-src 'nonce-${nonce}'; style-src 'self' 'nonce-${nonce}';">
|
||||
<meta id="image-preview-settings" data-settings="${escapeAttribute(JSON.stringify(settings))}">
|
||||
</head>
|
||||
<body class="container image scale-to-fit loading">
|
||||
<div class="loading-indicator"></div>
|
||||
<div class="image-load-error-message">${localize('preview.imageLoadError', "An error occurred while loading the image")}</div>
|
||||
<script src="${escapeAttribute(this.extensionResource('/media/main.js'))}"></script>
|
||||
<script src="${escapeAttribute(this.extensionResource('/media/main.js'))}" nonce="${nonce}"></script>
|
||||
</body>
|
||||
</html>`;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue