Add way to disable markdown preview security warnings in a given workspace

Does not effect the content security level, only toggle the warning popup Fixes #32251
2024-09-13 13:46:13 +00:00 · 2017-11-16 18:38:32 -08:00 · 2017-11-16 18:38:32 -08:00 · 34c44f872c
parent af8d4d89f3
commit 34c44f872c
4 changed files with 34 additions and 8 deletions
--- a/extensions/markdown/media/csp.js
+++ b/extensions/markdown/media/csp.js
@ -12,7 +12,7 @@
 	let didShow = false;

 	const showCspWarning = () => {
-		if (didShow) {
+		if (didShow || settings.disableSecurityWarnings) {
 			return;
 		}
 		didShow = true;
--- a/extensions/markdown/src/extension.ts
+++ b/extensions/markdown/src/extension.ts
@ -46,7 +46,7 @@ export function activate(context: vscode.ExtensionContext) {
 		context.subscriptions.push(telemetryReporter);
 	}

-	const cspArbiter = new ExtensionContentSecurityPolicyArbiter(context.globalState);
+	const cspArbiter = new ExtensionContentSecurityPolicyArbiter(context.globalState, context.workspaceState);
 	const engine = new MarkdownEngine();

 	const logger = new Logger();
--- a/extensions/markdown/src/previewContentProvider.ts
+++ b/extensions/markdown/src/previewContentProvider.ts
@ -246,7 +246,8 @@ export class MDDocumentContentProvider implements vscode.TextDocumentContentProv
 			line: initialLine,
 			scrollPreviewWithEditorSelection: config.scrollPreviewWithEditorSelection,
 			scrollEditorWithPreview: config.scrollEditorWithPreview,
-			doubleClickToSwitchToEditor: config.doubleClickToSwitchToEditor
+			doubleClickToSwitchToEditor: config.doubleClickToSwitchToEditor,
+			disableSecurityWarnings: this.cspArbiter.shouldDisableSecurityWarnings()
 		};

 		this.logger.log('provideTextDocumentContent', initialData);
--- a/extensions/markdown/src/security.ts
+++ b/extensions/markdown/src/security.ts
@ -24,14 +24,20 @@ export interface ContentSecurityPolicyArbiter {
 	setSecurityLevelForResource(resource: vscode.Uri, level: MarkdownPreviewSecurityLevel): Thenable<void>;

 	shouldAllowSvgsForResource(resource: vscode.Uri): void;
+
+	shouldDisableSecurityWarnings(): boolean;
+
+	setShouldDisableSecurityWarning(shouldShow: boolean): Thenable<void>;
 }

 export class ExtensionContentSecurityPolicyArbiter implements ContentSecurityPolicyArbiter {
 	private readonly old_trusted_workspace_key = 'trusted_preview_workspace:';
 	private readonly security_level_key = 'preview_security_level:';
+	private readonly should_disable_security_warning_key = 'preview_should_show_security_warning:';

 	constructor(
-		private globalState: vscode.Memento
+		private globalState: vscode.Memento,
+		private workspaceState: vscode.Memento
 	) { }

 	public getSecurityLevelForResource(resource: vscode.Uri): MarkdownPreviewSecurityLevel {
@ -57,6 +63,14 @@ export class ExtensionContentSecurityPolicyArbiter implements ContentSecurityPol
 		return securityLevel === MarkdownPreviewSecurityLevel.AllowInsecureContent || securityLevel === MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent;
 	}

+	public shouldDisableSecurityWarnings(): boolean {
+		return this.workspaceState.get<boolean>(this.should_disable_security_warning_key, false);
+	}
+
+	public setShouldDisableSecurityWarning(disabled: boolean): Thenable<void> {
+		return this.workspaceState.update(this.should_disable_security_warning_key, disabled);
+	}
+
 	private getRoot(resource: vscode.Uri): vscode.Uri {
 		if (vscode.workspace.workspaceFolders) {
 			const folderForResource = vscode.workspace.getWorkspaceFolder(resource);
@ -82,7 +96,7 @@ export class PreviewSecuritySelector {

 	public async showSecutitySelectorForResource(resource: vscode.Uri): Promise<void> {
 		interface PreviewSecurityPickItem extends vscode.QuickPickItem {
-			type: 'moreinfo' | MarkdownPreviewSecurityLevel;
+			type: 'moreinfo' | 'toggle' | MarkdownPreviewSecurityLevel;
 		}

 		function markActiveWhen(when: boolean): string {
@ -108,7 +122,13 @@ export class PreviewSecuritySelector {
 					type: 'moreinfo',
 					label: localize('moreInfo.title', 'More Information'),
 					description: ''
-				}
+				}, {
+					type: 'toggle',
+					label: this.cspArbiter.shouldDisableSecurityWarnings()
+						? localize('enableSecurityWarning.title', "Enable preview security warnings in this workspace")
+						: localize('disableSecurityWarning.title', "Disable preview security warning in this workspace"),
+					description: localize('toggleSecurityWarning.description', 'Does not effect the content security level')
+				},
 			], {
 				placeHolder: localize(
 					'preview.showPreviewSecuritySelector.title',
@ -124,9 +144,14 @@ export class PreviewSecuritySelector {
 			return;
 		}

-		await this.cspArbiter.setSecurityLevelForResource(resource, selection.type);
-
 		const sourceUri = getMarkdownUri(resource);
+		if (selection.type === 'toggle') {
+			this.cspArbiter.setShouldDisableSecurityWarning(!this.cspArbiter.shouldDisableSecurityWarnings());
+			this.contentProvider.update(sourceUri);
+			return;
+		}
+
+		await this.cspArbiter.setSecurityLevelForResource(resource, selection.type);

 		await vscode.commands.executeCommand('_workbench.htmlPreview.updateOptions',
 			sourceUri,