Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Trusted Types violations (round #4) #113975

Closed
1 of 2 tasks
jrieken opened this issue Jan 7, 2021 · 4 comments
Closed
1 of 2 tasks

Fix Trusted Types violations (round #4) #113975

jrieken opened this issue Jan 7, 2021 · 4 comments
Assignees
@jrieken @sandy081 @mjbvz
Labels
engineering VS Code - Build / issue tracking / etc.
Milestone
January 2021

Comments

@jrieken
Copy link
Member

jrieken commented Jan 7, 2021
edited by sandy081
Loading

This is for #103699 and should be the last round 🤞 Use yarn tsec-compile-check or un-comment this line and execute your feature

DOMParser().parseFromString

  • src/vs/workbench/contrib/extensions/browser/extensionEditor.ts (here) @sandy081 To fix this you can use a trusted types policy but I believe using insane is enough here. Adding @mjbvz who has most experience.

innerHTML usage

  • the electron web view tag @mjbvz @jrieken this is tricky because it is from electron itself. The violation is in renderer_init.js and fairly small t.innerHTML='<!DOCTYPE html><style type="text/css">:host { display: flex; }</style>'. I will file an upstream issue to begin with
@jrieken jrieken added the engineering VS Code - Build / issue tracking / etc. label Jan 7, 2021
@jrieken jrieken added this to the January 2021 milestone Jan 7, 2021
@jrieken
Copy link
Member Author

jrieken commented Jan 7, 2021

electron issue for the webview case: electron/electron#27211

jrieken added a commit that referenced this issue Jan 7, 2021
@jrieken
use default tt policy to workaround electron webview innerHTML-usage, #…
a9dc6d2 
…113975
@jrieken
Copy link
Member Author

jrieken commented Jan 7, 2021

fyi - I have pushed a9dc6d2 which works around the aforementioned electron issue by the (discouraged) use of a default policy.

jrieken added a commit that referenced this issue Jan 7, 2021
@jrieken
make default policy strict, #113975
c1930b6
sandy081 added a commit that referenced this issue Jan 7, 2021
@sandy081
#113975 use insance to remove svgs tags
23ac286
@sandy081
Copy link
Member

sandy081 commented Jan 7, 2021

Used insane to remove svg tags

@jrieken
Copy link
Member Author

jrieken commented Jan 8, 2021

Closing since we have an upstream issue and since we have good enough workaround

@jrieken jrieken closed this as completed Jan 8, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Feb 22, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jrieken jrieken

@sandy081 sandy081

@mjbvz mjbvz

Labels
engineering VS Code - Build / issue tracking / etc.
Projects
None yet
Milestone
January 2021
Development

No branches or pull requests
3 participants
@jrieken @sandy081 @mjbvz