mirror of
https://github.com/Microsoft/vscode
synced 2024-09-17 17:46:22 +00:00
Add getNonce function to generate webview nonces
This commit is contained in:
parent
31185ce96e
commit
5b8ce768f3
|
@ -210,7 +210,7 @@ class Preview extends Disposable {
|
|||
src: await this.getResourcePath(this.webviewEditor, this.resource, version),
|
||||
};
|
||||
|
||||
const nonce = Date.now().toString();
|
||||
const nonce = getNonce();
|
||||
|
||||
const cspSource = this.webviewEditor.webview.cspSource;
|
||||
return /* html */`<!DOCTYPE html>
|
||||
|
@ -265,3 +265,12 @@ class Preview extends Disposable {
|
|||
function escapeAttribute(value: string | vscode.Uri): string {
|
||||
return value.toString().replace(/"/g, '"');
|
||||
}
|
||||
|
||||
function getNonce() {
|
||||
let text = '';
|
||||
const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
||||
for (let i = 0; i < 64; i++) {
|
||||
text += possible.charAt(Math.floor(Math.random() * possible.length));
|
||||
}
|
||||
return text;
|
||||
}
|
||||
|
|
|
@ -78,7 +78,7 @@ export class MarkdownContentProvider {
|
|||
this.logger.log('provideTextDocumentContent', initialData);
|
||||
|
||||
// Content Security Policy
|
||||
const nonce = new Date().getTime() + '' + new Date().getMilliseconds();
|
||||
const nonce = getNonce();
|
||||
const csp = this.getCsp(resourceProvider, sourceUri, nonce);
|
||||
|
||||
const body = await this.engine.render(markdownDocument, resourceProvider);
|
||||
|
@ -228,3 +228,12 @@ export class MarkdownContentProvider {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
function getNonce() {
|
||||
let text = '';
|
||||
const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
||||
for (let i = 0; i < 64; i++) {
|
||||
text += possible.charAt(Math.floor(Math.random() * possible.length));
|
||||
}
|
||||
return text;
|
||||
}
|
||||
|
|
|
@ -85,7 +85,7 @@ export class SimpleBrowserView extends Disposable {
|
|||
private getHtml(url: string) {
|
||||
const configuration = vscode.workspace.getConfiguration('simpleBrowser');
|
||||
|
||||
const nonce = new Date().getTime() + '' + new Date().getMilliseconds();
|
||||
const nonce = getNonce();
|
||||
|
||||
const mainJs = this.extensionResourceUrl('media', 'index.js');
|
||||
const mainCss = this.extensionResourceUrl('media', 'main.css');
|
||||
|
@ -154,3 +154,13 @@ export class SimpleBrowserView extends Disposable {
|
|||
function escapeAttribute(value: string | vscode.Uri): string {
|
||||
return value.toString().replace(/"/g, '"');
|
||||
}
|
||||
|
||||
|
||||
function getNonce() {
|
||||
let text = '';
|
||||
const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
||||
for (let i = 0; i < 64; i++) {
|
||||
text += possible.charAt(Math.floor(Math.random() * possible.length));
|
||||
}
|
||||
return text;
|
||||
}
|
||||
|
|
|
@ -133,7 +133,7 @@ class AbcEditor extends Disposable {
|
|||
private get html() {
|
||||
const contentRoot = path.join(this._extensionPath, 'customEditorMedia');
|
||||
const scriptUri = vscode.Uri.file(path.join(contentRoot, 'textEditor.js'));
|
||||
const nonce = Date.now() + '';
|
||||
const nonce = getNonce();
|
||||
return /* html */`<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
|
@ -163,3 +163,12 @@ class AbcEditor extends Disposable {
|
|||
this.syncedVersion = this.document.version;
|
||||
}
|
||||
}
|
||||
|
||||
function getNonce() {
|
||||
let text = '';
|
||||
const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
|
||||
for (let i = 0; i < 64; i++) {
|
||||
text += possible.charAt(Math.floor(Math.random() * possible.length));
|
||||
}
|
||||
return text;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue