feat: add integrated web preview with element selection

[roomote]

Fixes #5971

Summary

This PR implements an integrated web preview feature with element selection capabilities for AI context, as requested in issue #5971. The implementation provides a seamless web development experience by eliminating the need to switch between the IDE and external browsers.

Features Implemented

1. Web Preview Panel

• Added a new sidebar panel in VSCode for previewing web applications
• Implemented URL navigation with address bar and refresh functionality
• Created responsive viewport controls with preset device sizes (Desktop, Tablet, Mobile) and custom dimensions

2. Element Selection & Context Extraction

• Click-to-select functionality with visual highlighting
• Comprehensive element context extraction including:
  • HTML snippet
  • CSS selector path
  • XPath
  • Position and dimensions
  • Computed styles
  • Element attributes

3. AI Integration

• Created web_preview tool for AI assistant integration
• Allows AI to open URLs in the preview panel
• Enables AI to access selected element context for better assistance
• Integrated with the existing tool approval flow

4. Technical Implementation

• WebPreviewProvider: Core provider class managing the webview panel lifecycle
• React UI Component: Modern UI with VSCode webview UI toolkit integration
• Message Passing: Bidirectional communication between extension and webview
• Type Safety: Full TypeScript support with proper type definitions

Changes Made

• Added src/core/webview/WebPreviewProvider.ts - Main provider class
• Added webview-ui/src/components/web-preview/WebPreview.tsx - React UI component
• Added webview-ui/src/components/web-preview/WebPreview.css - Styling
• Added src/core/tools/webPreviewTool.ts - AI tool integration
• Updated src/extension.ts - Registered the preview provider
• Updated src/activate/registerCommands.ts - Added preview commands
• Updated src/package.json - Added view container and commands
• Updated type definitions across the codebase for tool integration
• Updated Vite configuration for new webview entry point

Testing

• Built successfully with no TypeScript errors
• ESLint checks pass
• Manual testing shows:
  • Preview panel opens correctly in sidebar
  • URL navigation works as expected
  • Element selection highlights elements on hover
  • Element context is properly extracted and sent to extension
  • AI tool integration functions correctly

Screenshots

The implementation matches the requested functionality from the issue, providing an integrated preview experience similar to Windsurf IDE.

Next Steps

This implementation provides a solid foundation that can be extended with additional features like:

• Browser DevTools integration
• Network request monitoring
• Console output capture
• Multiple preview tabs
• Preview history navigation

---

Important

Adds integrated web preview with element selection and AI integration in VSCode, including a new sidebar panel and commands.

• Web Preview Panel:
  • Adds a sidebar panel in VSCode for web app preview with URL navigation and responsive viewport controls.
  • Implements WebPreviewProvider in WebPreviewProvider.ts to manage the webview lifecycle.
• Element Selection & Context Extraction:
  • Enables click-to-select with visual highlighting and context extraction (HTML, CSS, XPath, etc.).
  • Uses WebPreview.tsx for React UI component and WebPreview.css for styling.
• AI Integration:
  • Introduces web_preview tool in webPreviewTool.ts for AI assistant integration.
  • Allows AI to open URLs and access selected element context.
• Commands and Configuration:
  • Adds openWebPreview and getSelectedElement commands in registerCommands.ts.
  • Updates package.json to register new commands and view.
• Miscellaneous:
  • Updates vite.config.ts for new webview entry point.
  • Adds webPreview.html for webview setup.

^{This description was created by for ab7ccf1. You can customize this summary. It will automatically update as commits are pushed.}

[ellipsis-dev]

Typographical issue: The new union value "web_preview" is using snake_case whereas the other values use camelCase (e.g. "finishTask", "searchAndReplace", "insertContent"). Consider using "webPreview" for consistency.

To address the issue, we need to ensure that only trusted URLs are used as the src attribute for the <iframe>. The best way to fix this is to implement a whitelist of allowed URLs or domains and validate state.url against this list before using it. If the URL is not in the whitelist, we should not render it in the iframe.

1. Define a list of allowed domains or URLs in the component.
2. Create a utility function to validate a URL against the whitelist.
3. Before setting state.url, validate the URL. If it is not valid, discard or handle it appropriately (e.g., show an error message).
4. Update the handleMessage function to include this validation and ensure only safe URLs are stored in the component's state.

---

To fix this client-side XSS vulnerability, validate and sanitize the URL received from event.data.state.url before using it as the src of the <iframe>. The best way is to enforce that only trusted, well-formed URLs are accepted. This can be achieved by checking that the URL is a valid HTTP/HTTPS URL and/or matches a whitelist of allowed domains.

The fix should be implemented in the handleMessage function around line 42. Before updating the state with a new URL, validate it using the built-in URL constructor and ensure it uses an allowed protocol (http: or https:) and (optionally) matches a trusted domain. If the URL is invalid, ignore the update or show an error. You may also want to add a helper function for this validation.

The changes are limited to the region in the provided file where the message is handled and state is updated, so no changes are needed outside webview-ui/src/components/web-preview/WebPreview.tsx. You may need to add a helper function, imports, and update how setState and setUrlInput are called.

---

[daniel-lxs]

Closing, the implementation will be done by @SannidhyaSah