maxmustermann/vscode
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
87056 commits 463 branches 209 tags 638 MiB
Commit graph

11 commits

Author SHA1 Message Date
Matt Bierner 474d4951d8
Switch to dompurify for sanitizing markdown content (#131950) 
* Switch to dompurify for sanitizing markdown content

Switches us from using `insane` to instead use `dompurify`, which seems to be better maintained and also has some nice features, such as built-in trusted types support

I've tried to port over our existing sanitizer settings as best as possible, but there's not always a 1:1 mapping between how insane works and how dompurify does. I'd like to get this change in early in the iteration to catch potential regressions

* Remove logging and renaming param

* Move dompurify to browser layer

* Fixing tests and how we check valid attributes

* Allow innerhtml in specific files

* Use isEqualNode instead of checking innerHTML directly

innerHTML can return different results on different browsers. Use `isEqualNode` instead

* Reapply fix for trusted types

* Enable ALLOW_UNKNOWN_PROTOCOLS

I beleive this is required since we allow links to commands and loading images over remote

* in -> of

* Fix check of protocol

* Enable two more safe tags
 2021-09-03 12:17:02 -07:00
Johannes Rieken aacda89007
remove extensionHostWorkerMain and use workerMain bootstrapping, https://github.com/microsoft/vscode/issues/127760 2021-07-02 16:04:55 +02:00
Johannes Rieken 6c3defb810
remove default tt-policy since https://github.com/electron/electron/issues/27211 is fixed, https://github.com/electron/electron/issues/27211 2021-06-25 15:44:27 +02:00
rebornix 473cfe28bf Revert "Revert "Merge branch 'main' of https://github.com/microsoft/vscode into main"" 
This reverts commit 7c01395da1.
 2021-05-25 17:49:34 -07:00
Harald Kirschner 7c01395da1 Revert "Merge branch 'main' of https://github.com/microsoft/vscode into main" 
This reverts commit 7a976501eb, reversing
changes made to 2257676834.
 2021-05-25 17:19:40 -07:00
Johannes Rieken eff82a3cef
rename trusted types CSP from notebookOutputRenderer to just notebookRenderer 2021-05-25 12:32:14 +02:00
Alex Dima 32db232a53
Scaffold ghost text 2021-05-17 15:39:26 +02:00
Matt Bierner 63fbe4473f Remove vscode-webview-test from electron csp 
On desktop, we now use a custom protocol to serve all webview resources so this should no longer be required
 2021-03-30 14:37:47 -07:00
Alexandru Dima c789c22efa
Fixes #115224: Adopt Trusted Types in DiffReview 2021-01-27 15:25:10 +01:00
Benjamin Pasero 9deba1b10a code catchup 2021-01-20 10:35:19 +01:00
Benjamin Pasero 46860a105b sandbox - allow to bring up a minimal workbench with simple services and in-memory file-system 2020-08-26 08:32:19 +02:00