Commit 1bbf3b3f
Authored Aug 15, 2019 by Matt Bierner
Add telemetry+warning for webviews that don't have a content security policy
Fixes #79248
Parent: 883ae906
Showing 3 changed files with 41 additions and 1 deletion (+41 -1)
extensions/markdown-language-features/src/features/previewContentProvider.ts +1 -1
src/vs/workbench/contrib/webview/browser/pre/main.js +6 -0
src/vs/workbench/contrib/webview/electron-browser/webviewElement.ts +34 -0
extensions/markdown-language-features/src/features/previewContentProvider.ts
...
...
@@ -209,7 +209,7 @@ export class MarkdownContentProvider {
return
`<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self'
${
rule
}
https: data: http://localhost:* http://127.0.0.1:*; media-src 'self'
${
rule
}
https: data: http://localhost:* http://127.0.0.1:*; script-src 'nonce-
${
nonce
}
'; style-src 'self'
${
rule
}
'unsafe-inline' https: data: http://localhost:* http://127.0.0.1:*; font-src 'self'
${
rule
}
https: data: http://localhost:* http://127.0.0.1:*;">`
;
case
MarkdownPreviewSecurityLevel
.
AllowScriptsAndAllContent
:
return
''
;
return
'
<meta http-equiv="Content-Security-Policy" content="">
'
;
case
MarkdownPreviewSecurityLevel
.
Strict
:
default
:
...
...
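Review bot: In the `AllowScriptsAndAllContent` case, the new return value `<meta http-equiv="Content-Security-Policy" content="">` carries an empty policy, so it restricts nothing; its visible effect in this commit is to satisfy the `meta[http-equiv="Content-Security-Policy"]` presence check added in `main.js`, which keeps the preview from posting `no-csp-found`. Please add a comment on this case saying the tag is a deliberate placeholder for that check, so a later reader neither deletes it as dead markup nor mistakes it for a restrictive policy.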
src/vs/workbench/contrib/webview/browser/pre/main.js
...
...
@@ -285,6 +285,12 @@
applyStyles
(
newDocument
,
newDocument
.
body
);
// Check for CSP
const
csp
=
newDocument
.
querySelector
(
'
meta[http-equiv="Content-Security-Policy"]
'
);
if
(
!
csp
)
{
host
.
postMessage
(
'
no-csp-found
'
);
}
// set DOCTYPE for newDocument explicitly as DOMParser.parseFromString strips it off
// and DOCTYPE is needed in the iframe to ensure that the user agent stylesheet is correctly overridden
return
'
<!DOCTYPE html>
\n
'
+
newDocument
.
documentElement
.
outerHTML
;
...
...
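Review bot: The check after `applyStyles(newDocument, newDocument.body)` tests only whether a `meta[http-equiv="Content-Security-Policy"]` element exists, so a tag with `content=""` (as the markdown preview now emits for `AllowScriptsAndAllContent`) or a tag placed outside `<head>` counts as having a policy and is never reported. If the telemetry is meant to measure webviews that run unrestricted, consider also requiring a non-empty `content` attribute, or state in the `// Check for CSP` comment that this is a presence-only check by design.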
src/vs/workbench/contrib/webview/electron-browser/webviewElement.ts
...
...
@@ -13,9 +13,11 @@ import { endsWith } from 'vs/base/common/strings';
import
{
URI
}
from
'
vs/base/common/uri
'
;
import
*
as
modes
from
'
vs/editor/common/modes
'
;
import
{
IConfigurationService
}
from
'
vs/platform/configuration/common/configuration
'
;
import
{
IEnvironmentService
}
from
'
vs/platform/environment/common/environment
'
;
import
{
IFileService
}
from
'
vs/platform/files/common/files
'
;
import
{
IInstantiationService
}
from
'
vs/platform/instantiation/common/instantiation
'
;
import
{
ITunnelService
}
from
'
vs/platform/remote/common/tunnel
'
;
import
{
ITelemetryService
}
from
'
vs/platform/telemetry/common/telemetry
'
;
import
{
ITheme
,
IThemeService
}
from
'
vs/platform/theme/common/themeService
'
;
import
{
WebviewPortMappingManager
}
from
'
vs/workbench/contrib/webview/common/portMapping
'
;
import
{
getWebviewThemeData
}
from
'
vs/workbench/contrib/webview/common/themeing
'
;
...
...
@@ -284,6 +286,8 @@ export class ElectronWebviewBasedWebview extends Disposable implements Webview {
@
IFileService
fileService
:
IFileService
,
@
ITunnelService
tunnelService
:
ITunnelService
,
@
IConfigurationService
private
readonly
_configurationService
:
IConfigurationService
,
@
ITelemetryService
private
readonly
_telemetryService
:
ITelemetryService
,
@
IEnvironmentService
private
readonly
_environementService
:
IEnvironmentService
,
)
{
super
();
this
.
content
=
{
...
...
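Review bot: The new constructor parameter `_environementService` is misspelled; it should be `_environmentService`. Rename it here and at its use in `handleNoCspFound` (`this._environementService.isExtensionDevelopment`) before the typo spreads to further call sites.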
@@ -412,6 +416,10 @@ export class ElectronWebviewBasedWebview extends Disposable implements Webview {
case
'
did-blur
'
:
this
.
handleFocusChange
(
false
);
return
;
case
'
no-csp-found
'
:
this
.
handleNoCspFound
();
return
;
}
}));
this
.
_register
(
addDisposableListener
(
this
.
_webview
,
'
devtools-opened
'
,
()
=>
{
...
...
@@ -546,6 +554,32 @@ export class ElectronWebviewBasedWebview extends Disposable implements Webview {
}
}
private
_hasAlertedAboutMissingCsp
=
false
;
private
handleNoCspFound
():
void
{
if
(
this
.
_hasAlertedAboutMissingCsp
)
{
return
;
}
this
.
_hasAlertedAboutMissingCsp
=
true
;
if
(
this
.
_options
.
extension
&&
this
.
_options
.
extension
.
id
)
{
if
(
this
.
_environementService
.
isExtensionDevelopment
)
{
console
.
warn
(
`
${
this
.
_options
.
extension
.
id
.
value
}
created a webview without a content security policy: https://aka.ms/vscode-webview-missing-csp`
);
}
type
TelemetryClassification
=
{
extension
?:
{
classification
:
'
SystemMetaData
'
,
purpose
:
'
FeatureInsight
'
}
};
type
TelemetryData
=
{
extension
?:
string
,
};
this
.
_telemetryService
.
publicLog2
<
TelemetryData
,
TelemetryClassification
>
(
'
webviewMissingCsp
'
,
{
extension
:
this
.
_options
.
extension
.
id
.
value
});
}
}
public
sendMessage
(
data
:
any
):
void
{
this
.
_send
(
'
message
'
,
data
);
}
...
...
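Review bot: `_hasAlertedAboutMissingCsp` is a per-instance field, so `webviewMissingCsp` is logged once per webview instance rather than once per extension; an extension that opens many webviews without a policy will send one event for each. If the goal is to count offending extensions, dedupe on `this._options.extension.id.value` at a wider scope, or add a comment on the field stating that per-webview reporting is intended. The same comment should mention that the `console.warn` is shown only when `isExtensionDevelopment` is true and that webviews without `this._options.extension.id` are skipped entirely.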