maxmustermann/vscode
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix #119384

Browse source
This commit is contained in:
Benjamin Pasero 2021-03-24 12:24:47 +01:00
parent 47f0413ea2
commit a34297a608
No known key found for this signature in database
GPG key ID: E6380CC4C8219E65
2 changed files with 28 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
src/vs/code/electron-main/protocol.ts
View file

@ -13,12 +13,14 @@ import { ILogService } from 'vs/platform/log/common/log';
import { TernarySearchTree } from 'vs/base/common/map';
import { isLinux, isPreferringBrowserCodeLoad } from 'vs/base/common/platform';
import { IWindowsMainService } from 'vs/platform/windows/electron-main/windows';
import { extname } from 'vs/base/common/resources';
type ProtocolCallback = { (result: string | Electron.FilePathWithHeaders | { error: number }): void };
export class FileProtocolHandler extends Disposable {
private readonly validRoots = TernarySearchTree.forUris<boolean>(() => !isLinux);
private readonly validExtensions = new Set(['.png', '.jpg', '.jpeg', '.gif', '.bmp']); // https://github.com/microsoft/vscode/issues/119384
constructor(
@INativeEnvironmentService environmentService: INativeEnvironmentService,
@ -85,14 +87,23 @@ export class FileProtocolHandler extends Disposable {
const fileUri = URI.parse(request.url);
// isPreferringBrowserCodeLoad: false
// => ensure the file path is in our expected roots
if (!isPreferringBrowserCodeLoad) {
// first check by validRoots
if (this.validRoots.findSubstr(fileUri)) {
return callback({
path: fileUri.fsPath
});
}
// then check by validExtensions
if (this.validExtensions.has(extname(fileUri))) {
return callback({
path: fileUri.fsPath
});
}
// finally block to load the resource
this.logService.error(`${Schemas.file}: Refused to load resource ${fileUri.fsPath} from ${Schemas.file}: protocol (original URL: ${request.url})`);
return callback({ error: -3 /* ABORTED */ });
@ -114,14 +125,24 @@ export class FileProtocolHandler extends Disposable {
// ensure the root is valid and properly tell Chrome where the
// resource is at.
const fileUri = FileAccess.asFileUri(uri);
// first check by validRoots
if (this.validRoots.findSubstr(fileUri)) {
return callback({
path: fileUri.fsPath
});
} else {
this.logService.error(`${Schemas.vscodeFileResource}: Refused to load resource ${fileUri.fsPath} from ${Schemas.vscodeFileResource}: protocol (original URL: ${request.url})`);
return callback({ error: -3 /* ABORTED */ });
}
// then check by validExtensions
if (this.validExtensions.has(extname(fileUri))) {
return callback({
path: fileUri.fsPath
});
}
// finally block to load the resource
this.logService.error(`${Schemas.vscodeFileResource}: Refused to load resource ${fileUri.fsPath} from ${Schemas.vscodeFileResource}: protocol (original URL: ${request.url})`);
return callback({ error: -3 /* ABORTED */ });
}
}

4
src/vs/platform/windows/electron-main/window.ts
View file

@ -418,7 +418,7 @@ export class CodeWindow extends Disposable implements ICodeWindow {
const uri = URI.parse(details.url);
// Prevent loading of remote svgs
if (uri && uri.path.endsWith('.svg')) {
if (uri.path.endsWith('.svg')) {
const safeScheme = svgFileSchemes.has(uri.scheme) || uri.path.includes(Schemas.vscodeRemoteResource);
if (!safeScheme) {
return callback({ cancel: true });
@ -438,7 +438,7 @@ export class CodeWindow extends Disposable implements ICodeWindow {
// https://github.com/microsoft/vscode/issues/97564
// ensure local svg files have Content-Type image/svg+xml
if (uri && uri.path.endsWith('.svg')) {
if (uri.path.endsWith('.svg')) {
if (svgFileSchemes.has(uri.scheme)) {
responseHeaders['Content-Type'] = ['image/svg+xml'];