474d4951d8
* Switch to dompurify for sanitizing markdown content Switches us from using `insane` to instead use `dompurify`, which seems to be better maintained and also has some nice features, such as built-in trusted types support I've tried to port over our existing sanitizer settings as best as possible, but there's not always a 1:1 mapping between how insane works and how dompurify does. I'd like to get this change in early in the iteration to catch potential regressions * Remove logging and renaming param * Move dompurify to browser layer * Fixing tests and how we check valid attributes * Allow innerhtml in specific files * Use isEqualNode instead of checking innerHTML directly innerHTML can return different results on different browsers. Use `isEqualNode` instead * Reapply fix for trusted types * Enable ALLOW_UNKNOWN_PROTOCOLS I beleive this is required since we allow links to commands and loading images over remote * in -> of * Fix check of protocol * Enable two more safe tags
20 lines
1.2 KiB
HTML
20 lines
1.2 KiB
HTML
<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8" />
|
|
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' https: data: blob: vscode-remote-resource:; media-src 'none'; frame-src 'self' vscode-webview:; object-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https: ws:; font-src 'self' https: vscode-remote-resource:;">
|
|
<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker dompurify notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost;">
|
|
</head>
|
|
<body aria-label="">
|
|
</body>
|
|
|
|
<!-- Init Bootstrap Helpers -->
|
|
<script src="../../../../bootstrap.js"></script>
|
|
<script src="../../../../vs/loader.js"></script>
|
|
<script src="../../../../bootstrap-window.js"></script>
|
|
|
|
<!-- Startup via workbench.js -->
|
|
<script src="workbench.js"></script>
|
|
</html>
|