mirror of https://github.com/coder/code-server.git
parent
a48c2fb119
commit
72fe124e30
|
@ -1033,7 +1033,7 @@ index 0d2d53003b..03489411bb 100644
|
||||||
group: '5_update',
|
group: '5_update',
|
||||||
command: {
|
command: {
|
||||||
diff --git a/src/vs/workbench/contrib/webview/browser/pre/index.html b/src/vs/workbench/contrib/webview/browser/pre/index.html
|
diff --git a/src/vs/workbench/contrib/webview/browser/pre/index.html b/src/vs/workbench/contrib/webview/browser/pre/index.html
|
||||||
index ac53ce590e..2ce2b9d9f2 100644
|
index ac53ce590e..69dbbd859c 100644
|
||||||
--- a/src/vs/workbench/contrib/webview/browser/pre/index.html
|
--- a/src/vs/workbench/contrib/webview/browser/pre/index.html
|
||||||
+++ b/src/vs/workbench/contrib/webview/browser/pre/index.html
|
+++ b/src/vs/workbench/contrib/webview/browser/pre/index.html
|
||||||
@@ -4,7 +4,7 @@
|
@@ -4,7 +4,7 @@
|
||||||
|
@ -1041,17 +1041,36 @@ index ac53ce590e..2ce2b9d9f2 100644
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<meta http-equiv="Content-Security-Policy"
|
<meta http-equiv="Content-Security-Policy"
|
||||||
- content="default-src 'none'; script-src 'self'; frame-src 'self'; style-src 'unsafe-inline'; worker-src 'self';" />
|
- content="default-src 'none'; script-src 'self'; frame-src 'self'; style-src 'unsafe-inline'; worker-src 'self';" />
|
||||||
+ content="default-src 'none'; script-src 'self'; frame-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self'; img-src https: data:;" />
|
+ content="default-src 'none'; script-src 'self' 'unsafe-inline'; frame-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self'; img-src https: data:; font-src 'self';" />
|
||||||
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
||||||
@@ -16,4 +16,4 @@
|
diff --git a/src/vs/workbench/contrib/webview/browser/pre/main.js b/src/vs/workbench/contrib/webview/browser/pre/main.js
|
||||||
<script src="host.js"></script>
|
index 63585fc25c..f49b63e024 100644
|
||||||
</body>
|
--- a/src/vs/workbench/contrib/webview/browser/pre/main.js
|
||||||
|
+++ b/src/vs/workbench/contrib/webview/browser/pre/main.js
|
||||||
|
@@ -256,7 +256,7 @@
|
||||||
|
*/
|
||||||
|
function toContentHtml(data) {
|
||||||
|
const options = data.options;
|
||||||
|
- const text = data.contents;
|
||||||
|
+ const text = data.contents.replace(/vscode-resource:/g, "'self'");
|
||||||
|
const newDocument = new DOMParser().parseFromString(text, 'text/html');
|
||||||
|
|
||||||
-</html>
|
newDocument.querySelectorAll('a').forEach(a => {
|
||||||
\ No newline at end of file
|
@@ -265,6 +265,12 @@
|
||||||
+</html>
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
+ // REVIEW: Why is it required for scripts to be loaded at the end?
|
||||||
|
+ // Without this the document in the iframe appears to simply truncate.
|
||||||
|
+ newDocument.querySelectorAll('script').forEach(script => {
|
||||||
|
+ newDocument.body.appendChild(script);
|
||||||
|
+ });
|
||||||
|
+
|
||||||
|
// apply default script
|
||||||
|
if (options.allowScripts) {
|
||||||
|
const defaultScript = newDocument.createElement('script');
|
||||||
diff --git a/src/vs/workbench/services/environment/browser/environmentService.ts b/src/vs/workbench/services/environment/browser/environmentService.ts
|
diff --git a/src/vs/workbench/services/environment/browser/environmentService.ts b/src/vs/workbench/services/environment/browser/environmentService.ts
|
||||||
index 73e8b7c1d1..653d88e4f4 100644
|
index 73e8b7c1d1..653d88e4f4 100644
|
||||||
--- a/src/vs/workbench/services/environment/browser/environmentService.ts
|
--- a/src/vs/workbench/services/environment/browser/environmentService.ts
|
||||||
|
|
Loading…
Reference in New Issue