Merge branch 'main' into copilot/fix-259564

Author: Tyriar

.eslint-plugin-local/tsconfig.json

@@ -1,8 +1,8 @@
 {
 	"compilerOptions": {
-		"target": "es2020",
+		"target": "es2024",
 		"lib": [
-			"ES2020"
+			"ES2024"
 		],
 		"module": "commonjs",
 		"esModuleInterop": true,

.github/prompts/implement.prompt.md

@@ -7,4 +7,4 @@ Please write a high quality, general purpose solution. Implement a solution that
 
 Focus on understanding the problem requirements and implementing the correct algorithm. Tests are there to verify correctness, not to define the solution. Provide a principled implementation that follows best practices and software design principles.
 
-If the task is unreasonable or infeasible, or if any of the tests are incorrect, please tell me. The solution should be robust, maintainable, and extendable.
+If the task is unreasonable or infeasible, or if any of the tests are incorrect, please tell the user. The solution should be robust, maintainable, and extendable.

build/gulpfile.vscode.linux.js

@@ -107,6 +107,7 @@ function prepareDebPackage(arch) {
 
 		const postinst = gulp.src('resources/linux/debian/postinst.template', { base: '.' })
 			.pipe(replace('@@NAME@@', product.applicationName))
+			.pipe(replace('@@ARCHITECTURE@@', debArch))
 			.pipe(rename('DEBIAN/postinst'));
 
 		const templates = gulp.src('resources/linux/debian/templates.template', { base: '.' })

build/npm/jsconfig.json

@@ -1,8 +1,8 @@
 {
 	"compilerOptions": {
-		"target": "es2020",
+		"target": "es2024",
 		"lib": [
-			"ES2020"
+			"ES2024"
 		],
 		"module": "node16",
 		"checkJs": true,

build/tsconfig.json

@@ -1,8 +1,8 @@
 {
 	"compilerOptions": {
-		"target": "es2022",
+		"target": "es2024",
 		"lib": [
-			"ES2020"
+			"ES2024"
 		],
 		"module": "nodenext",
 		"alwaysStrict": true,

extensions/git/src/commands.ts

@@ -3480,15 +3480,32 @@ export class CommandCenter {
 				return;
 			}
 
-			// Check whether the selected branch is checked out in an existing worktree
-			const worktree = repository.worktrees.find(worktree => worktree.ref === choice.refId);
-			if (worktree) {
-				const message = l10n.t('Branch "{0}" is already checked out in the worktree at "{1}".', choice.refName, worktree.path);
-				await this.handleWorktreeConflict(worktree.path, message);
-				return;
-			}
+			if (choice.refName === repository.HEAD?.name) {
+				const message = l10n.t('Branch "{0}" is already checked out in the current repository.', choice.refName);
+				const createBranch = l10n.t('Create New Branch');
+				const pick = await window.showWarningMessage(message, { modal: true }, createBranch);
+
+				if (pick === createBranch) {
+					branch = await this.promptForBranchName(repository);
 
-			commitish = choice.refName;
+					if (!branch) {
+						return;
+					}
+
+					commitish = 'HEAD';
+				} else {
+					return;
+				}
+			} else {
+				// Check whether the selected branch is checked out in an existing worktree
+				const worktree = repository.worktrees.find(worktree => worktree.ref === choice.refId);
+				if (worktree) {
+					const message = l10n.t('Branch "{0}" is already checked out in the worktree at "{1}".', choice.refName, worktree.path);
+					await this.handleWorktreeConflict(worktree.path, message);
+					return;
+				}
+				commitish = choice.refName;
+			}
 		}
 
 		const worktreeName = ((branch ?? commitish).startsWith(branchPrefix)

resources/linux/debian/postinst.template

@@ -96,7 +96,7 @@ Types: deb
 URIs: https://packages.microsoft.com/repos/code
 Suites: stable
 Components: main
-Architectures: amd64,arm64,armhf
+Architectures: @@ARCHITECTURE@@
 Signed-By: $CODE_TRUSTED_PART
 EOF
 			if [ -f "$CODE_SOURCE_PART" ]; then
@@ -105,7 +105,7 @@ EOF
 		else
 			echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###
 # You may comment out this entry, but any other modifications may be lost.
-deb [arch=amd64,arm64,armhf] https://packages.microsoft.com/repos/code stable main" > $CODE_SOURCE_PART
+deb [arch=@@ARCHITECTURE@@] https://packages.microsoft.com/repos/code stable main" > $CODE_SOURCE_PART
 		fi
 
 		# Sourced from https://packages.microsoft.com/keys/microsoft.asc

src/vs/base/browser/domSanitize.ts

@@ -184,9 +184,15 @@ export interface DomSanitizerConfig {
 		readonly override?: readonly string[];
 	};
 
+	/**
+	 * If set, replaces unsupported tags with their plaintext representation instead of removing them.
+	 *
+	 * For example, <p><bad>"text"</bad></p> becomes <p>"<bad>text</bad>"</p>.
+	 */
+	readonly replaceWithPlaintext?: boolean;
+
 	// TODO: move these into more controlled api
 	readonly _do_not_use_hooks?: {
-		readonly uponSanitizeElement?: UponSanitizeElementCb;
 		readonly uponSanitizeAttribute?: UponSanitizeAttributeCb;
 	};
 }
@@ -238,8 +244,8 @@ export function sanitizeHtml(untrusted: string, config?: DomSanitizerConfig): Tr
 			config?.allowedLinkProtocols?.override ?? [Schemas.http, Schemas.https],
 			config?.allowedMediaProtocols?.override ?? [Schemas.http, Schemas.https]));
 
-		if (config?._do_not_use_hooks?.uponSanitizeElement) {
-			store.add(addDompurifyHook('uponSanitizeElement', config?._do_not_use_hooks.uponSanitizeElement));
+		if (config?.replaceWithPlaintext) {
+			store.add(addDompurifyHook('uponSanitizeElement', replaceWithPlainTextHook));
 		}
 
 		if (config?._do_not_use_hooks?.uponSanitizeAttribute) {
@@ -255,6 +261,56 @@ export function sanitizeHtml(untrusted: string, config?: DomSanitizerConfig): Tr
 	}
 }
 
+const selfClosingTags = ['area', 'base', 'br', 'col', 'command', 'embed', 'hr', 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr'];
+
+function replaceWithPlainTextHook(element: Element, data: dompurify.SanitizeElementHookEvent, _config: dompurify.Config) {
+	if (!data.allowedTags[data.tagName] && data.tagName !== 'body') {
+		const replacement = convertTagToPlaintext(element);
+		if (element.nodeType === Node.COMMENT_NODE) {
+			// Workaround for https://github.com/cure53/DOMPurify/issues/1005
+			// The comment will be deleted in the next phase. However if we try to remove it now, it will cause
+			// an exception. Instead we insert the text node before the comment.
+			element.parentElement?.insertBefore(replacement, element);
+		} else {
+			element.parentElement?.replaceChild(replacement, element);
+		}
+	}
+}
+
+export function convertTagToPlaintext(element: Element): DocumentFragment {
+	let startTagText: string;
+	let endTagText: string | undefined;
+	if (element.nodeType === Node.COMMENT_NODE) {
+		startTagText = `<!--${element.textContent}-->`;
+	} else {
+		const tagName = element.tagName.toLowerCase();
+		const isSelfClosing = selfClosingTags.includes(tagName);
+		const attrString = element.attributes.length ?
+			' ' + Array.from(element.attributes)
+				.map(attr => `${attr.name}="${attr.value}"`)
+				.join(' ')
+			: '';
+		startTagText = `<${tagName}${attrString}>`;
+		if (!isSelfClosing) {
+			endTagText = `</${tagName}>`;
+		}
+	}
+
+	const fragment = document.createDocumentFragment();
+	const textNode = element.ownerDocument.createTextNode(startTagText);
+	fragment.appendChild(textNode);
+	while (element.firstChild) {
+		fragment.appendChild(element.firstChild);
+	}
+
+	const endTagTextNode = endTagText ? element.ownerDocument.createTextNode(endTagText) : undefined;
+	if (endTagTextNode) {
+		fragment.appendChild(endTagTextNode);
+	}
+
+	return fragment;
+}
+
 /**
  * Sanitizes the given `value` and reset the given `node` with it.
  */

src/vs/base/browser/markdownRenderer.ts

@@ -20,6 +20,7 @@ import { escape } from '../common/strings.js';
 import { URI } from '../common/uri.js';
 import * as DOM from './dom.js';
 import * as domSanitize from './domSanitize.js';
+import { convertTagToPlaintext } from './domSanitize.js';
 import { DomEmitter } from './event.js';
 import { FormattedTextRenderOptions } from './formattedTextRenderer.js';
 import { StandardKeyboardEvent } from './keyboardEvent.js';
@@ -211,6 +212,20 @@ export function renderMarkdown(markdown: IMarkdownString, options: MarkdownRende
 		}));
 	}
 
+	// Remove/disable inputs
+	for (const input of [...element.getElementsByTagName('input')]) {
+		if (input.attributes.getNamedItem('type')?.value === 'checkbox') {
+			input.setAttribute('disabled', '');
+		} else {
+			if (options.sanitizerConfig?.replaceWithPlaintext) {
+				const replacement = convertTagToPlaintext(input);
+				input.parentElement?.replaceChild(replacement, input);
+			} else {
+				input.remove();
+			}
+		}
+	}
+
 	return {
 		element,
 		dispose: () => {
@@ -412,15 +427,12 @@ function resolveWithBaseUri(baseUri: URI, href: string): string {
 	}
 }
 
-
-const selfClosingTags = ['area', 'base', 'br', 'col', 'command', 'embed', 'hr', 'img', 'input', 'keygen', 'link', 'meta', 'param', 'source', 'track', 'wbr'];
-
 function sanitizeRenderedMarkdown(
 	renderedMarkdown: string,
 	isTrusted: boolean | MarkdownStringTrustedOptions,
 	options: MarkdownSanitizerConfig = {},
 ): TrustedHTML {
-	const sanitizerConfig = getSanitizerOptions(isTrusted, options);
+	const sanitizerConfig = getDomSanitizerConfig(isTrusted, options);
 	return domSanitize.sanitizeHtml(renderedMarkdown, sanitizerConfig);
 }
 
@@ -434,7 +446,6 @@ export const allowedMarkdownHtmlAttributes = [
 	'autoplay',
 	'alt',
 	'checked',
-	'class',
 	'colspan',
 	'controls',
 	'disabled',
@@ -452,6 +463,7 @@ export const allowedMarkdownHtmlAttributes = [
 	'type',
 	'width',
 	'start',
+	'value',
 
 	// Custom markdown attributes
 	'data-code',
@@ -462,7 +474,7 @@ export const allowedMarkdownHtmlAttributes = [
 	'class',
 ];
 
-function getSanitizerOptions(isTrusted: boolean | MarkdownStringTrustedOptions, options: MarkdownSanitizerConfig): domSanitize.DomSanitizerConfig {
+function getDomSanitizerConfig(isTrusted: boolean | MarkdownStringTrustedOptions, options: MarkdownSanitizerConfig): domSanitize.DomSanitizerConfig {
 	const allowedLinkSchemes = [
 		Schemas.http,
 		Schemas.https,
@@ -507,6 +519,7 @@ function getSanitizerOptions(isTrusted: boolean | MarkdownStringTrustedOptions,
 				Schemas.vscodeRemoteResource,
 			]
 		},
+		replaceWithPlaintext: options.replaceWithPlaintext,
 		_do_not_use_hooks: {
 			uponSanitizeAttribute: (element, e) => {
 				if (options.customAttrSanitizer) {
@@ -545,61 +558,6 @@ function getSanitizerOptions(isTrusted: boolean | MarkdownStringTrustedOptions,
 					e.keepAttr = false;
 				}
 			},
-			uponSanitizeElement: (element, e) => {
-				let wantsReplaceWithPlaintext = false;
-				if (e.tagName === 'input') {
-					if (element.attributes.getNamedItem('type')?.value === 'checkbox') {
-						element.setAttribute('disabled', '');
-					} else if (options.replaceWithPlaintext) {
-						wantsReplaceWithPlaintext = true;
-					} else {
-						element.remove();
-						return;
-					}
-				}
-
-				if (options.replaceWithPlaintext && (wantsReplaceWithPlaintext || (!e.allowedTags[e.tagName] && e.tagName !== 'body'))) {
-					if (element.parentElement) {
-						let startTagText: string;
-						let endTagText: string | undefined;
-						if (e.tagName === '#comment') {
-							startTagText = `<!--${element.textContent}-->`;
-						} else {
-							const isSelfClosing = selfClosingTags.includes(e.tagName);
-							const attrString = element.attributes.length ?
-								' ' + Array.from(element.attributes)
-									.map(attr => `${attr.name}="${attr.value}"`)
-									.join(' ')
-								: '';
-							startTagText = `<${e.tagName}${attrString}>`;
-							if (!isSelfClosing) {
-								endTagText = `</${e.tagName}>`;
-							}
-						}
-
-						const fragment = document.createDocumentFragment();
-						const textNode = element.parentElement.ownerDocument.createTextNode(startTagText);
-						fragment.appendChild(textNode);
-						const endTagTextNode = endTagText ? element.parentElement.ownerDocument.createTextNode(endTagText) : undefined;
-						while (element.firstChild) {
-							fragment.appendChild(element.firstChild);
-						}
-
-						if (endTagTextNode) {
-							fragment.appendChild(endTagTextNode);
-						}
-
-						if (element.nodeType === Node.COMMENT_NODE) {
-							// Workaround for https://github.com/cure53/DOMPurify/issues/1005
-							// The comment will be deleted in the next phase. However if we try to remove it now, it will cause
-							// an exception. Instead we insert the text node before the comment.
-							element.parentElement.insertBefore(fragment, element);
-						} else {
-							element.parentElement.replaceChild(fragment, element);
-						}
-					}
-				}
-			}
 		}
 	};
 }

src/vs/base/test/browser/domSanitize.test.ts

@@ -113,4 +113,65 @@ suite('DomSanitize', () => {
 
 		assert.ok(str.includes('src="data:image/png;base64,'));
 	});
+
+	suite('replaceWithPlaintext', () => {
+
+		test('replaces unsupported tags with plaintext representation', () => {
+			const html = '<div>safe<script>alert(1)</script>content</div>';
+			const result = sanitizeHtml(html, {
+				replaceWithPlaintext: true
+			});
+			const str = result.toString();
+			assert.strictEqual(str, `<div>safe&lt;script&gt;alert(1)&lt;/script&gt;content</div>`);
+		});
+
+		test('handles self-closing tags correctly', () => {
+			const html = '<div><input type="text"><custom-input /></div>';
+			const result = sanitizeHtml(html, {
+				replaceWithPlaintext: true
+			});
+			assert.strictEqual(result.toString(), '<div>&lt;input type="text"&gt;&lt;custom-input&gt;&lt;/custom-input&gt;</div>');
+		});
+
+		test('handles tags with attributes', () => {
+			const html = '<div><unknown-tag class="test" id="myid">content</unknown-tag></div>';
+			const result = sanitizeHtml(html, {
+				replaceWithPlaintext: true
+			});
+			assert.strictEqual(result.toString(), '<div>&lt;unknown-tag class="test" id="myid"&gt;content&lt;/unknown-tag&gt;</div>');
+		});
+
+		test('handles nested unsupported tags', () => {
+			const html = '<div><outer><inner>nested</inner></outer></div>';
+			const result = sanitizeHtml(html, {
+				replaceWithPlaintext: true
+			});
+			assert.strictEqual(result.toString(), '<div>&lt;outer&gt;&lt;inner&gt;nested&lt;/inner&gt;&lt;/outer&gt;</div>');
+		});
+
+		test('handles comments correctly', () => {
+			const html = '<div><!-- this is a comment -->content</div>';
+			const result = sanitizeHtml(html, {
+				replaceWithPlaintext: true
+			});
+			assert.strictEqual(result.toString(), '<div>&lt;!-- this is a comment --&gt;content</div>');
+		});
+
+		test('handles empty tags', () => {
+			const html = '<div><empty></empty></div>';
+			const result = sanitizeHtml(html, {
+				replaceWithPlaintext: true
+			});
+			assert.strictEqual(result.toString(), '<div>&lt;empty&gt;&lt;/empty&gt;</div>');
+		});
+
+		test('works with custom allowed tags configuration', () => {
+			const html = '<div><custom>allowed</custom><forbidden>not allowed</forbidden></div>';
+			const result = sanitizeHtml(html, {
+				replaceWithPlaintext: true,
+				allowedTags: { augment: ['custom'] }
+			});
+			assert.strictEqual(result.toString(), '<div><custom>allowed</custom>&lt;forbidden&gt;not allowed&lt;/forbidden&gt;</div>');
+		});
+	});
 });