-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement vscode-file:// support and drop node.js for window loading #107437
Conversation
After a bit more investigation who is depending on
|
@bpasero The allowed schemes ones is probably fine. That would be used for cases where markdown from an extension contains a link such as I believe that markdown content can load images using the |
Yes it looks like our markdown content does allow loading images using the This is problematic because it allows reading images at any path, while the A first step may be to see how often |
@mjbvz ok, this will no longer work once we enable to block |
@bpasero Yes we limit the allowed scheme in a few places:
|
I just noticed that on Windows, when you cd into a UNC path via PowerShell and you try to run |
This PR is replaced by 169a0ec which gives us a way to enable
Other supported values are: I have enabled Turning this on by default is still blocked by electron/electron#27075 |
Continuation of #101837
Fixes #98682
Open issues: