Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/vscode
 Path: blob/main/extensions/markdown-language-features/preview-src/csp.ts
3291 views
1
/*---------------------------------------------------------------------------------------------

2
 *  Copyright (c) Microsoft Corporation. All rights reserved.

3
 *  Licensed under the MIT License. See License.txt in the project root for license information.

4
 *--------------------------------------------------------------------------------------------*/

5


6
import { MessagePoster } from './messaging';

7
import { SettingsManager } from './settings';

8
import { getStrings } from './strings';

9


10
/**

11
 * Shows an alert when there is a content security policy violation.

12
 */

13
export class CspAlerter {

14
	private _didShow = false;

15
	private _didHaveCspWarning = false;

16


17
	private _messaging?: MessagePoster;

18


19
	constructor(

20
		private readonly _settingsManager: SettingsManager,

21
	) {

22
		document.addEventListener('securitypolicyviolation', () => {

23
			this._onCspWarning();

24
		});

25


26
		window.addEventListener('message', (event) => {

27
			if (event?.data && event.data.name === 'vscode-did-block-svg') {

28
				this._onCspWarning();

29
			}

30
		});

31
	}

32


33
	public setPoster(poster: MessagePoster) {

34
		this._messaging = poster;

35
		if (this._didHaveCspWarning) {

36
			this._showCspWarning();

37
		}

38
	}

39


40
	private _onCspWarning() {

41
		this._didHaveCspWarning = true;

42
		this._showCspWarning();

43
	}

44


45
	private _showCspWarning() {

46
		const strings = getStrings();

47
		const settings = this._settingsManager.settings;

48


49
		if (this._didShow || settings.disableSecurityWarnings || !this._messaging) {

50
			return;

51
		}

52
		this._didShow = true;

53


54
		const notification = document.createElement('a');

55
		notification.innerText = strings.cspAlertMessageText;

56
		notification.setAttribute('id', 'code-csp-warning');

57
		notification.setAttribute('title', strings.cspAlertMessageTitle);

58


59
		notification.setAttribute('role', 'button');

60
		notification.setAttribute('aria-label', strings.cspAlertMessageLabel);

61
		notification.onclick = () => {

62
			this._messaging!.postMessage('showPreviewSecuritySelector', { source: settings.source });

63
		};

64
		document.body.appendChild(notification);

65
	}

66
}

67


68