mirror of
https://github.com/Microsoft/vscode
synced 2024-08-27 21:09:43 +00:00
add AllowInsecureLocalContent option to MarkdownPreviewSecurityLevel (#46473)
This commit is contained in:
parent
5267caa45f
commit
e64b9b4f41
|
@ -164,6 +164,9 @@ export class MarkdownContentProvider {
|
|||
case MarkdownPreviewSecurityLevel.AllowInsecureContent:
|
||||
return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src vscode-resource: http: https: data:; media-src vscode-resource: http: https: data:; script-src 'nonce-${nonce}'; style-src vscode-resource: 'unsafe-inline' http: https: data:; font-src vscode-resource: http: https: data:;">`;
|
||||
|
||||
case MarkdownPreviewSecurityLevel.AllowInsecureLocalContent:
|
||||
return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src vscode-resource: https: data: http://localhost:* http://127.0.0.1:*; media-src vscode-resource: https: data: http://localhost:* http://127.0.0.1:*; script-src 'nonce-${nonce}'; style-src vscode-resource: 'unsafe-inline' https: data: http://localhost:* http://127.0.0.1:*; font-src vscode-resource: https: data: http://localhost:* http://127.0.0.1:*;">`;
|
||||
|
||||
case MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent:
|
||||
return '';
|
||||
|
||||
|
|
|
@ -14,7 +14,8 @@ const localize = nls.loadMessageBundle();
|
|||
export enum MarkdownPreviewSecurityLevel {
|
||||
Strict = 0,
|
||||
AllowInsecureContent = 1,
|
||||
AllowScriptsAndAllContent = 2
|
||||
AllowScriptsAndAllContent = 2,
|
||||
AllowInsecureLocalContent = 3
|
||||
}
|
||||
|
||||
export interface ContentSecurityPolicyArbiter {
|
||||
|
@ -109,6 +110,10 @@ export class PreviewSecuritySelector {
|
|||
type: MarkdownPreviewSecurityLevel.Strict,
|
||||
label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.Strict) + localize('strict.title', 'Strict'),
|
||||
description: localize('strict.description', 'Only load secure content'),
|
||||
}, {
|
||||
type: MarkdownPreviewSecurityLevel.AllowInsecureLocalContent,
|
||||
label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.AllowInsecureLocalContent) + localize('insecureLocalContent.title', 'Allow insecure local content'),
|
||||
description: localize('insecureLocalContent.description', 'Enable loading content over http served from localhost'),
|
||||
}, {
|
||||
type: MarkdownPreviewSecurityLevel.AllowInsecureContent,
|
||||
label: markActiveWhen(currentSecurityLevel === MarkdownPreviewSecurityLevel.AllowInsecureContent) + localize('insecureContent.title', 'Allow insecure content'),
|
||||
|
@ -133,7 +138,6 @@ export class PreviewSecuritySelector {
|
|||
'preview.showPreviewSecuritySelector.title',
|
||||
'Select security settings for Markdown previews in this workspace'),
|
||||
});
|
||||
|
||||
if (!selection) {
|
||||
return;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue