Matt Bierner
474d4951d8
Switch to dompurify for sanitizing markdown content ( #131950 )
...
* Switch to dompurify for sanitizing markdown content
Switches us from using `insane` to instead use `dompurify`, which seems to be better maintained and also has some nice features, such as built-in trusted types support
I've tried to port over our existing sanitizer settings as best as possible, but there's not always a 1:1 mapping between how insane works and how dompurify does. I'd like to get this change in early in the iteration to catch potential regressions
* Remove logging and renaming param
* Move dompurify to browser layer
* Fixing tests and how we check valid attributes
* Allow innerhtml in specific files
* Use isEqualNode instead of checking innerHTML directly
innerHTML can return different results on different browsers. Use `isEqualNode` instead
* Reapply fix for trusted types
* Enable ALLOW_UNKNOWN_PROTOCOLS
I beleive this is required since we allow links to commands and loading images over remote
* in -> of
* Fix check of protocol
* Enable two more safe tags
2021-09-03 12:17:02 -07:00
Matt Bierner
6d2920473c
Fix #119786
...
Incorrectly reverted part of an earlier fix
2021-08-26 13:09:50 -07:00
Matt Bierner
188807087e
Don't transform data uris
...
Fixes #131256
2021-08-23 15:47:36 -07:00
Matt Bierner
b88a5c3286
Fix spelling on properties
2021-08-18 19:03:33 -07:00
Matt Bierner
863eb4d80a
Make sure we always try rewriting domUris in markdown strings
...
Fixes #119786
Not 100% this is the correct fix and needs testing in insiders to make sure it doesn't cause other regressions
2021-08-04 16:33:02 -07:00
Matt Bierner
494cbbd02d
Organize imports in vs/base
2021-08-04 12:28:27 -07:00
João Moreno
4168941dee
remove domEvent
...
related to #123487
2021-06-09 16:37:09 +02:00
Connor Peet
b168ece8de
markdown: add nbsp to unescaped sequences
2021-05-24 12:19:53 -07:00
Connor Peet
b3c56f5281
testing: bad rendering of inline decorations for markdown messages
2021-05-18 11:27:19 -07:00
Johannes Rieken
5539322998
"e; is ", re #115391
2021-02-16 09:20:54 +01:00
Johannes Rieken
f3b4f3f6ac
unescape characters that marked escaped, fixes https://github.com/microsoft/vscode/issues/115391
2021-02-15 14:11:55 +01:00
Thomas Neil James Shadwell
4566eebe4f
Fix typo in markdown sanitizer ( #111258 )
...
There was / is a typo in `markdownRenderer.js` that allowed any *trusted* document to pass arbitrary HTML through the marked.js sanitizer provided it is wrapped in `<span></span>` tags, or similar.
What could you have done with this? Not much that was not already possible in trusted mode, which, as far as I can tell is used just for Jypiter Notebooks that pretty much definitionally can execute Python anyway.
Insane strips everything worthwhile except `<a data-href=''/>` which you can use to send `command:` URIs on click (`javascript:` URIs are disabled at a higher level of abstraction), but are already whitelisted (L141) for trusted documents.
2021-01-14 17:26:10 -08:00
Martin Aeschlimann
6260e655bc
codicons -> iconLabels
2020-12-16 13:57:28 +01:00
Alex Ross
a1b6de9336
Fix markdown span style filter
...
Fixes #112606
2020-12-16 13:55:38 +01:00
Martin Aeschlimann
50d0d5f0d2
Theme icon modifiers should work everywhere. Fixes #112298
2020-12-11 16:48:45 +01:00
Damien Engels
5865aeaa7b
Rewrites Trusted Types sink assignements
...
Moves the casts to the sink assignement expression so that tsec can
recognize it.
2020-12-08 08:40:05 +01:00
Johannes Rieken
ad6f4faafb
use better name for async markdown rendering, https://github.com/microsoft/vscode/issues/67806
2020-11-18 16:25:56 +01:00
Johannes Rieken
f5a7eb3848
markdown renderer listens to img load and sends resize events, https://github.com/microsoft/vscode/issues/67806
2020-11-18 16:25:56 +01:00
Alex Ross
b0a7c8496d
IconLabel markdown title debt ( #109914 )
...
Fixes #109231
2020-11-05 11:15:53 +01:00
Matt Bierner
265a2f6424
Supress marked logging for using sanitize
...
Fixes #109904
2020-11-03 14:47:30 -08:00
Matt Bierner
8f1117bf44
Extract some functions in markdown renderer
2020-10-19 16:58:09 -07:00
Johannes Rieken
9c05b47e0f
💄 for events
2020-10-08 10:11:49 +02:00
Johannes Rieken
a8cf19d34a
use tt policy when rendering html from markdown, https://github.com/microsoft/vscode/issues/106396
2020-10-08 10:07:46 +02:00
Johannes Rieken
9073a3cc0d
chore - consolidate markdown rendering more, reduce innerHTML usage, related https://github.com/microsoft/vscode/issues/106395
2020-10-07 16:36:04 +02:00
Benjamin Pasero
ee8378e806
file access - merge asDomUri into
2020-09-25 18:04:38 +02:00
Johannes Rieken
ef4df1d1aa
remove old renderCodicons-function, rename renderCodiconsAsElement to renderCodicons
2020-09-14 09:22:22 +02:00
Johannes Rieken
e3380f2682
don't use renderCodicons any more, https://github.com/microsoft/vscode/issues/105799
2020-09-14 09:20:35 +02:00
jeanp413
ace080a622
Fixes #104776
2020-08-17 23:12:03 -05:00
Johannes Rieken
f1e08f5372
crop suggest details length, and markdown value length so that UX doesn't freeze, fixes https://github.com/microsoft/vscode/issues/100949
2020-07-06 12:32:05 +02:00
Rob Lourens
acf81e122d
Fix loading images from http in markdown cells
...
Fix #99386
2020-06-15 14:31:35 -05:00
Andrii Dieiev
eadd81d7c3
Allow table specific tags for markdown in hovers ( fixes #99983 ) ( #99988 )
...
fixes #99983
2020-06-12 17:00:41 +02:00
Alex Ross
3dba3b1126
Fix codicons in hovers
...
Part of https://github.com/microsoft/vscode/issues/99825
2020-06-11 15:24:08 +02:00
Alex Ross
464f3de63c
Allow style in span in markdown ( #97793 )
...
Part of #40607
2020-05-29 09:54:32 +02:00
Rob Lourens
478ba180b3
Fix command links, http links, file links in markdown cells
2020-05-26 13:37:16 -05:00
Rob Lourens
93c2e7b0f6
Support relative paths for links/images in markdown
...
Fix #97813
2020-05-14 11:49:47 -05:00
Pine Wu
ff99db8ca3
Fix #95937
2020-04-24 13:27:14 -07:00
Pine Wu
1a26964e96
Fix #95094
2020-04-22 12:39:40 -07:00
Johannes Rieken
f71ee8c9e8
When generating markdown, then only decode domURIs, https://github.com/microsoft/vscode/issues/90855
2020-03-03 16:23:07 +01:00
Peng Lyu
41b6008ee3
markdown renderer support marked options.
2020-02-20 09:47:07 -08:00
Miguel Solorio
82ed3d45ee
Revert "Merge pull request #87320 from microsoft/misolori/codicon-consolidation"
...
This reverts commit 6c9b23edc4
, reversing
changes made to 085abd5f1a
.
2019-12-19 13:44:49 -08:00
Miguel Solorio
641543b6ee
Consolidate codicon files to vs/base/parts/codicon
2019-12-18 22:30:07 -08:00
Eric Amodio
7bb8b0084f
Fixes #84695 - codicons in hovers
2019-12-11 17:30:32 -05:00
Eric Amodio
a868166d9e
Removes codicons support in markdown images
...
Will come back in a different form soon
2019-12-03 17:35:57 -05:00
Johannes Rieken
c26146d7c5
fix https://github.com/microsoft/vscode-remote-release/issues/1891
2019-12-02 11:27:07 +01:00
Eric Amodio
fdefb9fe00
Changes to vscode-icon://codicon/ format
2019-11-27 12:03:07 -05:00
Eric Amodio
efe2629b62
Switches to vscode-icon scheme & removes regex
...
Uses URI.parse like the other usages of vscode-icon for consistency
2019-11-27 03:14:30 -05:00
Eric Amodio
255766f07c
Adds codicons to hovers ( #85580 )
...
* Closes #85579 - adds codicons to hovers
* Uses `icon://vscode.codicons/icon-name` url structure
2019-11-26 14:47:39 -05:00
Johannes Rieken
953cd2e6a2
use string in markdown rendering - in most cases
2019-11-14 15:47:32 +01:00
Benjamin Pasero
06aadb28a7
debt - prepare for node 12
2019-10-28 09:54:19 +01:00
Alex Dima
3ff057ce33
Fix the shape of insane.js to make it ESM compatible ( microsoft/monaco-editor#1574 )
2019-09-30 16:28:29 +02:00