Commit 5d7bf1f

(fix) make runtime/ls-path configurable in user settings only
Due to security reasons: If this could be set in the workspace, a malicious workspace could point this to an arbitrary executable.
1 parent 42fded0 commit 5d7bf1f

1 file changed

+4
-2
lines changed

packages/svelte-vscode/package.json

Lines changed: 4 additions & 2 deletions
@@ -49,14 +49,16 @@
4949
"title": "Svelte",
5050
"properties": {
5151
"svelte.language-server.runtime": {
52+
"scope": "application",
5253
"type": "string",
5354
"title": "Language Server Runtime",
54-
"description": "- You normally don't need this - Path to the node executable to use to spawn the language server. This is useful when you depend on native modules such as node-sass as without this they will run in the context of vscode, meaning node version mismatch is likely."
55+
"description": "- You normally don't need this - Path to the node executable to use to spawn the language server. This is useful when you depend on native modules such as node-sass as without this they will run in the context of vscode, meaning node version mismatch is likely. This setting can only be changed in user settings for security reasons."
5556
},
5657
"svelte.language-server.ls-path": {
58+
"scope": "application",
5759
"type": "string",
5860
"title": "Language Server Path",
59-
"description": "- You normally don't set this - Path to the language server executable. If you installed the \"svelte-language-server\" npm package, it's within there at \"bin/server.js\". Path can be either relative to your workspace root or absolute. Set this only if you want to use a custom version of the language server."
61+
"description": "- You normally don't set this - Path to the language server executable. If you installed the \"svelte-language-server\" npm package, it's within there at \"bin/server.js\". Path can be either relative to your workspace root or absolute. Set this only if you want to use a custom version of the language server. This setting can only be changed in user settings for security reasons."
6062
},
6163
"svelte.language-server.port": {
6264
"type": "number",
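
Review bot: The "svelte.language-server.ls-path" description still carries the sentence "Path can be either relative to your workspace root or absolute", so a relative value stored in user settings is resolved inside whichever workspace is open, and the workspace contents still decide which file gets executed. `"scope": "application"` restricts where the setting can be written, not what a relative path resolves to. Consider accepting only absolute paths for this setting, or at minimum stating in the description that a relative value is resolved against the current workspace and should be avoided for untrusted workspaces. The appended sentence "This setting can only be changed in user settings for security reasons." on both properties could also state the reason from the commit message, so users understand why a workspace-level value is ignored.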
