Commit graph

58 commits

Author SHA1 Message Date
Matt Bierner 474d4951d8
Switch to dompurify for sanitizing markdown content (#131950)
* Switch to dompurify for sanitizing markdown content

Switches us from using `insane` to instead use `dompurify`, which seems to be better maintained and also has some nice features, such as built-in trusted types support

I've tried to port over our existing sanitizer settings as best as possible, but there's not always a 1:1 mapping between how insane works and how dompurify does. I'd like to get this change in early in the iteration to catch potential regressions

* Remove logging and renaming param

* Move dompurify to browser layer

* Fixing tests and how we check valid attributes

* Allow innerhtml in specific files

* Use isEqualNode instead of checking innerHTML directly

innerHTML can return different results on different browsers. Use `isEqualNode` instead

* Reapply fix for trusted types

* Enable ALLOW_UNKNOWN_PROTOCOLS

I believe this is required since we allow links to commands and loading images over remote

* in -> of

* Fix check of protocol

* Enable two more safe tags
2021-09-03 12:17:02 -07:00
Matt Bierner 6d2920473c
Fix #119786
Incorrectly reverted part of an earlier fix
2021-08-26 13:09:50 -07:00
Matt Bierner 188807087e
Don't transform data uris
Fixes #131256
2021-08-23 15:47:36 -07:00
Matt Bierner b88a5c3286
Fix spelling on properties 2021-08-18 19:03:33 -07:00
Matt Bierner 863eb4d80a
Make sure we always try rewriting domUris in markdown strings
Fixes #119786

Not 100% this is the correct fix and needs testing in insiders to make sure it doesn't cause other regressions
2021-08-04 16:33:02 -07:00
Matt Bierner 494cbbd02d
Organize imports in vs/base 2021-08-04 12:28:27 -07:00
João Moreno 4168941dee
remove domEvent
related to #123487
2021-06-09 16:37:09 +02:00
Connor Peet b168ece8de
markdown: add nbsp to unescaped sequences 2021-05-24 12:19:53 -07:00
Connor Peet b3c56f5281
testing: bad rendering of inline decorations for markdown messages 2021-05-18 11:27:19 -07:00
Johannes Rieken 5539322998 &quote; is ", re #115391 2021-02-16 09:20:54 +01:00
Johannes Rieken f3b4f3f6ac unescape characters that marked escaped, fixes https://github.com/microsoft/vscode/issues/115391 2021-02-15 14:11:55 +01:00
Thomas Neil James Shadwell 4566eebe4f
Fix typo in markdown sanitizer (#111258)
There was / is a typo in `markdownRenderer.js` that allowed any *trusted* document to pass arbitrary HTML through the marked.js sanitizer provided it is wrapped in `<span></span>` tags, or similar.

What could you have done with this? Not much that was not already possible in trusted mode, which, as far as I can tell, is used just for Jupyter Notebooks that pretty much definitionally can execute Python anyway.

Insane strips everything worthwhile except `<a data-href=''/>` which you can use to send `command:` URIs on click (`javascript:` URIs are disabled at a higher level of abstraction), but are already whitelisted (L141) for trusted documents.
2021-01-14 17:26:10 -08:00
Martin Aeschlimann 6260e655bc codicons -> iconLabels 2020-12-16 13:57:28 +01:00
Alex Ross a1b6de9336 Fix markdown span style filter
Fixes #112606
2020-12-16 13:55:38 +01:00
Martin Aeschlimann 50d0d5f0d2 Theme icon modifiers should work everywhere. Fixes #112298 2020-12-11 16:48:45 +01:00
Damien Engels 5865aeaa7b Rewrites Trusted Types sink assignments
Moves the casts to the sink assignment expression so that tsec can
recognize it.
2020-12-08 08:40:05 +01:00
Johannes Rieken ad6f4faafb use better name for async markdown rendering, https://github.com/microsoft/vscode/issues/67806 2020-11-18 16:25:56 +01:00
Johannes Rieken f5a7eb3848 markdown renderer listens to img load and sends resize events, https://github.com/microsoft/vscode/issues/67806 2020-11-18 16:25:56 +01:00
Alex Ross b0a7c8496d
IconLabel markdown title debt (#109914)
Fixes #109231
2020-11-05 11:15:53 +01:00
Matt Bierner 265a2f6424 Suppress marked logging for using sanitize
Fixes #109904
2020-11-03 14:47:30 -08:00
Matt Bierner 8f1117bf44 Extract some functions in markdown renderer 2020-10-19 16:58:09 -07:00
Johannes Rieken 9c05b47e0f 💄 for events 2020-10-08 10:11:49 +02:00
Johannes Rieken a8cf19d34a use tt policy when rendering html from markdown, https://github.com/microsoft/vscode/issues/106396 2020-10-08 10:07:46 +02:00
Johannes Rieken 9073a3cc0d chore - consolidate markdown rendering more, reduce innerHTML usage, related https://github.com/microsoft/vscode/issues/106395 2020-10-07 16:36:04 +02:00
Benjamin Pasero ee8378e806 file access - merge asDomUri into 2020-09-25 18:04:38 +02:00
Johannes Rieken ef4df1d1aa remove old renderCodicons-function, rename renderCodiconsAsElement to renderCodicons 2020-09-14 09:22:22 +02:00
Johannes Rieken e3380f2682 don't use renderCodicons any more, https://github.com/microsoft/vscode/issues/105799 2020-09-14 09:20:35 +02:00
jeanp413 ace080a622 Fixes #104776 2020-08-17 23:12:03 -05:00
Johannes Rieken f1e08f5372 crop suggest details length, and markdown value length so that UX doesn't freeze, fixes https://github.com/microsoft/vscode/issues/100949 2020-07-06 12:32:05 +02:00
Rob Lourens acf81e122d Fix loading images from http in markdown cells
Fix #99386
2020-06-15 14:31:35 -05:00
Andrii Dieiev eadd81d7c3
Allow table specific tags for markdown in hovers (fixes #99983) (#99988)
fixes #99983
2020-06-12 17:00:41 +02:00
Alex Ross 3dba3b1126 Fix codicons in hovers
Part of https://github.com/microsoft/vscode/issues/99825
2020-06-11 15:24:08 +02:00
Alex Ross 464f3de63c
Allow style in span in markdown (#97793)
Part of #40607
2020-05-29 09:54:32 +02:00
Rob Lourens 478ba180b3 Fix command links, http links, file links in markdown cells 2020-05-26 13:37:16 -05:00
Rob Lourens 93c2e7b0f6 Support relative paths for links/images in markdown
Fix #97813
2020-05-14 11:49:47 -05:00
Pine Wu ff99db8ca3 Fix #95937 2020-04-24 13:27:14 -07:00
Pine Wu 1a26964e96 Fix #95094 2020-04-22 12:39:40 -07:00
Johannes Rieken f71ee8c9e8 When generating markdown, then only decode domURIs, https://github.com/microsoft/vscode/issues/90855 2020-03-03 16:23:07 +01:00
Peng Lyu 41b6008ee3 markdown renderer support marked options. 2020-02-20 09:47:07 -08:00
Miguel Solorio 82ed3d45ee Revert "Merge pull request #87320 from microsoft/misolori/codicon-consolidation"
This reverts commit 6c9b23edc4, reversing
changes made to 085abd5f1a.
2019-12-19 13:44:49 -08:00
Miguel Solorio 641543b6ee Consolidate codicon files to vs/base/parts/codicon 2019-12-18 22:30:07 -08:00
Eric Amodio 7bb8b0084f Fixes #84695 - codicons in hovers 2019-12-11 17:30:32 -05:00
Eric Amodio a868166d9e Removes codicons support in markdown images
Will come back in a different form soon
2019-12-03 17:35:57 -05:00
Johannes Rieken c26146d7c5 fix https://github.com/microsoft/vscode-remote-release/issues/1891 2019-12-02 11:27:07 +01:00
Eric Amodio fdefb9fe00 Changes to vscode-icon://codicon/ format 2019-11-27 12:03:07 -05:00
Eric Amodio efe2629b62 Switches to vscode-icon scheme & removes regex
Uses URI.parse like the other usages of vscode-icon for consistency
2019-11-27 03:14:30 -05:00
Eric Amodio 255766f07c
Adds codicons to hovers (#85580)
* Closes #85579 - adds codicons to hovers

* Uses `icon://vscode.codicons/icon-name` url structure
2019-11-26 14:47:39 -05:00
Johannes Rieken 953cd2e6a2 use string in markdown rendering - in most cases 2019-11-14 15:47:32 +01:00
Benjamin Pasero 06aadb28a7 debt - prepare for node 12 2019-10-28 09:54:19 +01:00
Alex Dima 3ff057ce33
Fix the shape of insane.js to make it ESM compatible (microsoft/monaco-editor#1574) 2019-09-30 16:28:29 +02:00