Allow markdown security setting for single file opens Fixes #24749

2024-09-13 21:55:38 +00:00 · 2017-04-19 22:31:35 -07:00 · 2017-04-19 22:31:35 -07:00 · 740f662023
parent 03b549f896
commit 740f662023
3 changed files with 18 additions and 17 deletions
--- a/extensions/markdown/src/extension.ts
+++ b/extensions/markdown/src/extension.ts
@ -163,7 +163,7 @@ export function activate(context: vscode.ExtensionContext) {
 	}));

 	context.subscriptions.push(vscode.commands.registerCommand('markdown.showPreviewSecuritySelector', (resource: string | undefined) => {
-		previewSecuritySelector.showSecutitySelectorForWorkspace(resource);
+		previewSecuritySelector.showSecutitySelectorForWorkspace(resource ? vscode.Uri.parse(resource).query : undefined);
 	}));

 	context.subscriptions.push(vscode.workspace.onDidSaveTextDocument(document => {
@ -280,5 +280,3 @@ function getPackageInfo(): IPackageInfo | null {
 	}
 	return null;
 }
-
-
--- a/extensions/markdown/src/previewContentProvider.ts
+++ b/extensions/markdown/src/previewContentProvider.ts
@ -14,7 +14,7 @@ import { Logger } from "./logger";
 const localize = nls.loadMessageBundle();

 export interface ContentSecurityPolicyArbiter {
-	isEnhancedSecurityDisableForWorkspace(): boolean;
+	isEnhancedSecurityDisableForWorkspace(rootPath: string): boolean;

 	addTrustedWorkspace(rootPath: string): Thenable<void>;

@ -33,7 +33,15 @@ export function isMarkdownFile(document: vscode.TextDocument) {
 }

 export function getMarkdownUri(uri: vscode.Uri) {
-	return uri.with({ scheme: 'markdown', path: uri.fsPath + '.rendered', query: uri.toString() });
+	if (uri.scheme === 'markdown') {
+		return uri;
+	}
+
+	return uri.with({
+		scheme: 'markdown',
+		path: uri.fsPath + '.rendered',
+		query: uri.toString()
+	});
 }

 class MarkdownPreviewConfig {
@ -217,7 +225,7 @@ export class MDDocumentContentProvider implements vscode.TextDocumentContentProv
 			// Content Security Policy
 			const nonce = new Date().getTime() + '' + new Date().getMilliseconds();
 			let csp = `<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self' http: https: data:; media-src 'self' http: https: data:; child-src 'none'; script-src 'nonce-${nonce}'; style-src 'self' 'unsafe-inline' http: https: data:; font-src 'self' http: https: data:;">`;
-			if (this.cspArbiter.isEnhancedSecurityDisableForWorkspace()) {
+			if (this.cspArbiter.isEnhancedSecurityDisableForWorkspace(vscode.workspace.rootPath || sourceUri.toString())) {
 				csp = '';
 			}

--- a/extensions/markdown/src/security.ts
+++ b/extensions/markdown/src/security.ts
@ -19,8 +19,8 @@ export class ExtensionContentSecurityPolicyArbiter implements ContentSecurityPol
 		private globalState: vscode.Memento
 	) { }

-	public isEnhancedSecurityDisableForWorkspace(): boolean {
-		return this.globalState.get<boolean>(this.key + vscode.workspace.rootPath, false);
+	public isEnhancedSecurityDisableForWorkspace(rootPath: string): boolean {
+		return this.globalState.get<boolean>(this.key + rootPath, false);
 	}

 	public addTrustedWorkspace(rootPath: string): Thenable<void> {
@ -57,16 +57,11 @@ export class PreviewSecuritySelector {

 		let sourceUri: vscode.Uri | null = null;
 		if (resource) {
-			sourceUri = vscode.Uri.parse(decodeURIComponent(resource));
+			sourceUri = getMarkdownUri(vscode.Uri.parse(resource));
 		}

 		if (!sourceUri && vscode.window.activeTextEditor) {
-			const activeDocument = vscode.window.activeTextEditor.document;
-			if (activeDocument.uri.scheme === 'markdown') {
-				sourceUri = activeDocument.uri;
-			} else {
-				sourceUri = getMarkdownUri(activeDocument.uri);
-			}
+			sourceUri = getMarkdownUri(vscode.window.activeTextEditor.document.uri);
 		}

 		vscode.window.showQuickPick<PreviewSecurityPickItem>(
@ -77,7 +72,7 @@ export class PreviewSecuritySelector {
 						'preview.showPreviewSecuritySelector.disallowScriptsForWorkspaceTitle',
 						'Disable script execution in markdown previews for this workspace'),
 					description: '',
-					detail: this.cspArbiter.isEnhancedSecurityDisableForWorkspace()
+					detail: this.cspArbiter.isEnhancedSecurityDisableForWorkspace(workspacePath)
 						? ''
 						: localize('preview.showPreviewSecuritySelector.currentSelection', 'Current setting')
 				}, {
@ -86,7 +81,7 @@ export class PreviewSecuritySelector {
 						'preview.showPreviewSecuritySelector.allowScriptsForWorkspaceTitle',
 						'Enable script execution in markdown previews for this workspace'),
 					description: '',
-					detail: this.cspArbiter.isEnhancedSecurityDisableForWorkspace()
+					detail: this.cspArbiter.isEnhancedSecurityDisableForWorkspace(workspacePath)
 						? localize('preview.showPreviewSecuritySelector.currentSelection', 'Current setting')
 						: ''
 				},