474d4951d8
* Switch to dompurify for sanitizing markdown content Switches us from using `insane` to instead use `dompurify`, which seems to be better maintained and also has some nice features, such as built-in trusted types support I've tried to port over our existing sanitizer settings as best as possible, but there's not always a 1:1 mapping between how insane works and how dompurify does. I'd like to get this change in early in the iteration to catch potential regressions * Remove logging and renaming param * Move dompurify to browser layer * Fixing tests and how we check valid attributes * Allow innerhtml in specific files * Use isEqualNode instead of checking innerHTML directly innerHTML can return different results on different browsers. Use `isEqualNode` instead * Reapply fix for trusted types * Enable ALLOW_UNKNOWN_PROTOCOLS I beleive this is required since we allow links to commands and loading images over remote * in -> of * Fix check of protocol * Enable two more safe tags |
||
---|---|---|
.. | ||
azure-pipelines | ||
builtin | ||
darwin | ||
lib | ||
linux | ||
monaco | ||
npm | ||
win32 | ||
.cachesalt | ||
.gitattributes | ||
.moduleignore | ||
.webignore | ||
eslint.js | ||
filters.js | ||
gulpfile.compile.js | ||
gulpfile.editor.js | ||
gulpfile.extensions.js | ||
gulpfile.hygiene.js | ||
gulpfile.js | ||
gulpfile.reh.js | ||
gulpfile.scan.js | ||
gulpfile.vscode.js | ||
gulpfile.vscode.linux.js | ||
gulpfile.vscode.web.js | ||
gulpfile.vscode.win32.js | ||
hygiene.js | ||
jsconfig.json | ||
package.json | ||
tsconfig.build.json | ||
tsconfig.json | ||
yarn.lock |