Skip to content

Commit 1943737

Browse files
author
Jackson Kearl
authored
* Fix microsoft#143985 * Sanitize md style image refs as welll
1 parent b7730c8 commit 1943737

File tree

2 files changed

+21
-14
lines changed

2 files changed

+21
-14
lines changed

src/vs/workbench/contrib/markdown/browser/markdownDocumentRenderer.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -161,7 +161,7 @@ function sanitize(documentContent: string, allowUnknownProtocols: boolean): stri
161161
for (const attr of ['href', 'src']) {
162162
if (node.hasAttribute(attr)) {
163163
anchor.href = node.getAttribute(attr) as string;
164-
if (!allowedProtocols.includes(anchor.protocol)) {
164+
if (!allowedProtocols.includes(anchor.protocol.replace(/:$/, ''))) {
165165
node.removeAttribute(attr);
166166
}
167167
}

src/vs/workbench/contrib/welcomeGettingStarted/browser/gettingStarted.ts

Lines changed: 20 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -474,7 +474,22 @@ export class GettingStartedPage extends EditorPane {
474474
}
475475

476476
private mdCache = new ResourceMap<Promise<string>>();
477-
private async readAndCacheStepMarkdown(path: URI): Promise<string> {
477+
private async readAndCacheStepMarkdown(path: URI, base: URI): Promise<string> {
478+
479+
const transformUri = (src: string) => {
480+
const path = joinPath(base, src);
481+
return asWebviewUri(path).toString();
482+
};
483+
const transformUris = (content: string): string => content
484+
.replace(/src="([^"]*)"/g, (_, src: string) => {
485+
if (src.startsWith('https://')) { return `src="${src}"`; }
486+
return `src="${transformUri(src)}"`;
487+
})
488+
.replace(/!\[([^\]]*)\]\(([^)]*)\)/g, (_, title: string, src: string) => {
489+
if (src.startsWith('https://')) { return `![${title}](${src})`; }
490+
return `![${title}](${transformUri(src)})`;
491+
});
492+
478493
if (!this.mdCache.has(path)) {
479494
this.mdCache.set(path, (async () => {
480495
try {
@@ -483,7 +498,7 @@ export class GettingStartedPage extends EditorPane {
483498
return new Promise<string>(resolve => {
484499
require([moduleId], content => {
485500
const markdown = content.default();
486-
resolve(renderMarkdownDocument(markdown, this.extensionService, this.languageService, true, true));
501+
resolve(renderMarkdownDocument(transformUris(markdown), this.extensionService, this.languageService, true, true));
487502
});
488503
});
489504
}
@@ -512,7 +527,7 @@ export class GettingStartedPage extends EditorPane {
512527
: path);
513528

514529
const markdown = bytes.value.toString();
515-
return renderMarkdownDocument(markdown, this.extensionService, this.languageService, true, true);
530+
return renderMarkdownDocument(transformUris(markdown), this.extensionService, this.languageService, true, true);
516531
} catch (e) {
517532
this.notificationService.error('Error reading markdown document at `' + path + '`: ' + e);
518533
return '';
@@ -772,18 +787,10 @@ export class GettingStartedPage extends EditorPane {
772787
}
773788

774789
private async renderMarkdown(path: URI, base: URI): Promise<string> {
775-
const content = await this.readAndCacheStepMarkdown(path);
790+
const content = await this.readAndCacheStepMarkdown(path, base);
776791
const nonce = generateUuid();
777792
const colorMap = TokenizationRegistry.getColorMap();
778793

779-
const uriTranformedContent = content.replace(/src="([^"]*)"/g, (_, src: string) => {
780-
if (src.startsWith('https://')) { return `src="${src}"`; }
781-
782-
const path = joinPath(base, src);
783-
const transformed = asWebviewUri(path).toString();
784-
return `src="${transformed}"`;
785-
});
786-
787794
const css = colorMap ? generateTokensCSSForColorMap(colorMap) : '';
788795

789796
const inDev = document.location.protocol === 'http:';
@@ -854,7 +861,7 @@ export class GettingStartedPage extends EditorPane {
854861
</head>
855862
<body>
856863
<vertically-centered>
857-
${uriTranformedContent}
864+
${content}
858865
</vertically-centered>
859866
</body>
860867
<script nonce="${nonce}">

0 commit comments

Comments
 (0)