notebook: adopt trusted types for renderer

Ref https://github.com/microsoft/vscode/issues/108400
2020-12-09 08:59:50 -08:00 · 2020-12-09 08:59:50 -08:00 · b1e7f915d4
commit b1e7f915d4
parent 90724cd823
1 changed files with 4 additions and 1 deletions
--- a/src/vs/workbench/contrib/notebook/browser/view/renderers/webviewPreloads.ts
+++ b/src/vs/workbench/contrib/notebook/browser/view/renderers/webviewPreloads.ts
@ -387,6 +387,8 @@ function webviewPreloads() {
 		queuedOuputActions.set(event.outputId, promise);
 	};

+	const ttPolicy = window.trustedTypes?.createPolicy('notebookOutputRenderer', { createHTML: value => value });
+
 	window.addEventListener('wheel', handleWheel);

 	window.addEventListener('message', rawEvent => {
@ -430,7 +432,8 @@ function webviewPreloads() {
 					addMouseoverListeners(outputNode, outputId);
 					const content = data.content;
 					if (content.type === RenderOutputType.Html) {
-						outputNode.innerHTML = content.htmlContent;
+						const trustedHtml = ttPolicy ? ttPolicy.createHTML(content.htmlContent) : content.htmlContent;
+						outputNode.innerHTML = trustedHtml as unknown as string;
 						cellOutputContainer.appendChild(outputNode);
 						domEval(outputNode);
 					} else if (preloadResults.some(e => e?.state === PreloadState.Error)) {