Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trusted Types policy usage #106396

Closed
jrieken opened this issue Sep 10, 2020 · 15 comments
Closed

Trusted Types policy usage #106396

jrieken opened this issue Sep 10, 2020 · 15 comments
Assignees
Labels
engineering VS Code - Build / issue tracking / etc.
Milestone

Comments

@jrieken
Copy link
Member

jrieken commented Sep 10, 2020

The editor view layer uses innerHTML for performance reasons and we aren't ready to rework that (see #106285 (comment)) This is a use-case of a custom policy, e.g one which doesn't escape things. There might be other, still unknown, places where policies are required, e.g when rendering markdown. This is the item to track such policy usages.

@jrieken jrieken self-assigned this Sep 10, 2020
@jrieken jrieken added this to the September 2020 milestone Sep 10, 2020
@jrieken jrieken added the engineering VS Code - Build / issue tracking / etc. label Sep 10, 2020
@jrieken
Copy link
Member Author

jrieken commented Sep 10, 2020

fyi @annkamsk

jrieken added a commit to microsoft/vscode-loader that referenced this issue Sep 11, 2020
jrieken added a commit that referenced this issue Sep 11, 2020
@jrieken
Copy link
Member Author

jrieken commented Sep 11, 2020

I have pushed a few changes that make sure we have a trusted types polyfill (comes view the AMD loader) and typings. Also, the loader has got an option to created trusted script urls. With that most TrustedScriptURL warning are gone. Line 36 in the snippet below is a sample of a loader config to enable trusted types (policies are insecure)

<script>
self.require = {
baseUrl: `${window.location.origin}/static/out`,
recordStats: true,
createTrustedScriptURL: value => value,
paths: {
'vscode-textmate': `${window.location.origin}/static/remote/web/node_modules/vscode-textmate/release/main`,
'vscode-oniguruma': `${window.location.origin}/static/remote/web/node_modules/vscode-oniguruma/release/main`,
'xterm': `${window.location.origin}/static/remote/web/node_modules/xterm/lib/xterm.js`,
'xterm-addon-search': `${window.location.origin}/static/remote/web/node_modules/xterm-addon-search/lib/xterm-addon-search.js`,
'xterm-addon-unicode11': `${window.location.origin}/static/remote/web/node_modules/xterm-addon-unicode11/lib/xterm-addon-unicode11.js`,
'xterm-addon-webgl': `${window.location.origin}/static/remote/web/node_modules/xterm-addon-webgl/lib/xterm-addon-webgl.js`,
'semver-umd': `${window.location.origin}/static/remote/web/node_modules/semver-umd/lib/semver-umd.js`,
'iconv-lite-umd': `${window.location.origin}/static/remote/web/node_modules/iconv-lite-umd/lib/iconv-lite-umd.js`,
'jschardet': `${window.location.origin}/static/remote/web/node_modules/jschardet/dist/jschardet.min.js`,
}
};
</script>

@annkamsk
Copy link
Contributor

fyi @engelsdamien @koto @Siegrift

jpda added a commit to jpda/vscode that referenced this issue Sep 14, 2020
* Add back hideHover and use on tree context menu show
Fixes microsoft#106268

* Update distro

* 💄

* explorer: Fix TrustedTypes violation

microsoft#106285

* produce deb, rpm packages

* Add loginShell (microsoft/vscode-remote-release#3593)

* chore - tweak onDidAddNotebookDocument, onDidRemoveNotebookDocument event, use ResourceMap and fix confusion between models and editors

* notebook update

* pinned tabs - update setting enum name

* Use innerText over innerHTML, microsoft#106285

* rename to IHostColorSchemeService

* API proposal for tree item icon color
Part of microsoft#103120

* chore - when target might be undefined use `target?.dispose()` over `dispose(target)`

* deprecate onDidChangeCells

* Reenable notebook smoke test microsoft#105330

* deprecate onDidChangeContent

* Add numeric values support for terminal.integrated.fontWeight

* unified onDidChangeContent

* node-pty@0.10.0-beta17

Fixes microsoft#105957

* 💄

* debt - remove _unInitializedDocuments

* remove `NotebookDocument#displayOrder` , fixes microsoft#106305

* no uninitialized documents.

* chore - update references viewlet

* debug: make serverReadyAction play nicely with js-debug

Fixes microsoft#86035
Fixes microsoft/vscode-js-debug#440

* fix rpm

* high contrast switching in browser

* Fix occasional bad custom selectbox layout
Fix microsoft#106302

* review comments

* Bump vscode-ripgrep for ARM
microsoft#6442

* Revert more specific class names for editor tokens

Reverts microsoft#103485
Fixes microsoft#106261

I believe that microsoft#103485 broke cases where the markdown renderer creates tokenized strings that are used outside of an editor's dom node (such as in hovers or in webviews)

The safest fix for now is to revert it. We can revist this and make the markdown renderer handle the tokenized output better next iteration

* remove emit selections.

* merge conflict resolve.

* fix integration tests.

* Disable errors in non-semantic supported files

Fixes microsoft#106299
Fixes microsoft#106314

Also enables js/ts features on the right side of PRs and in search results

* proper fix for microsoft#105202 (microsoft#106293)

* Only enable 'open with' on files

Fixes microsoft#106291

* Add WebviewView.description

Allow configuring the description for webview views.

This is rendered next to the title in a less prominently in the title

* Remove manual strikethroughs for deprecated properties in vscode.d.ts

Now that TS has support for `@deprecated`, these manual strike throughs should no longer be required.

* Add show method to webview view

Fixes microsoft#106085

* Skip failing test

* fix microsoft#106283

* enable test

* fix microsoft#106283

* pinnedTabSizing.standard => pinnedTabSizing.normal

* install dot net core sdk

* update distro

* tabs - align icon and text vertically centered in tab

* update distro

* distro

* fix microsoft#106308

* Update gitignore decorations when .git/info/exclude file is edited (microsoft#106270)

* detect local `exclude` file edits

* use `uri.path` to detect exclude file edits

`uri.path` uses forward slash as a path separator indepentent of
the host system, which makes it easier to use with regex

* updated searches

* editor - rename context keys variables

* fix microsoft#105999

* pinned tabs - prevent to close pinned tabs via Cmd+W (microsoft#100738)

* Reduce usage of `.innerHTML` (microsoft#106285)

* fix uninstalling extension

* remove unused import

* add `replaceNotebookMetadata` (should become `replaceMetadata`) to NotebookEditorEdit, microsoft#105283

* add `replaceNotebookMetadata`, microsoft#105283

* use textContent instead of innerHTML (for microsoft#106285)

* chore - move appyWorkspaceEdit from extHostTextEditors to (new) extHostBulkEdits and mainThreadBulkEdits

* chore - extract extHostNotebookDocument for the NotebookDocument and NotebookCell types and friends

* chore - extract ExtHostNotebookEditor into its own file

* chore - remove ExtHostNotebookEditor#uri and use document.uri instead

* chore - 💄 member order: property, ctor, method

* publish arm deb and rpm

* trusted types

related to microsoft#106285

* use async await

* distro

* update trusted types search

* trusted types - use textContent for style elements, fyi @rebornix

* fix arch

* Fix compile after merge

* Use instantiation service to create TerminalLinks

* Consolidate colon trim logic

* Avoid slice when checking colon

* Check length again

I prefer chatAt over slice as it's more obvious what's happening

* Move comment into helper function

* Update extensions/git/src/commands.ts

* Update extensions/git/src/commands.ts

* Update extensions/git/src/commands.ts

* Save prompt is shown while saving from settings split json editor (fix microsoft#106330)

* Only allow configurePlugin against main TS Server

Fixes microsoft#106346

Looks like the TS Server doesn't support this in partial mode at the moment

* Adding more explicit typings for promises

This gets us ready for TS 4.1

* Don't use async on abstract functions

* chore - use workingCopyService.isDirty instead notebook.isDirty

* Update Codicons
- Update 'pinned'
- Add 'export'
- Compress 'merge'
microsoft/vscode-codicons@5bcb1a0

* Add explicit undefined parameters / types

These errors come from the new stricter types for Promises in TS 4.1

* debt - IMainNotebookController#removeNotebookDocument

* debt - invoke resolve notebook when opening a notebook in an editor, not when loading a notebook from source

* do not need isUntitled.

* 💂 polish nb tests.

* remove selections from nb text model.

* replace changeCellLanguage to applyEdit

* fix microsoft#105916. expand metadata section if modified.

* move dirty state to NotebookEditorModel.

* chore, simply notebook text model event emitter

* refs microsoft#106285

* Add subscribers action

* Fix terminal ts 4.1 compile issues

Part of microsoft#106358

* Fix ts 4.1 issues in terminal api tests

* Update Codicons: add 'graph-left'
microsoft/vscode-codicons@dd1edb2

* initialize notebook text model data only through ctor.

* 💄

* Mark property readonly

* Enable webview commands for webview views

Fixes microsoft#105670

Previously our webview commands assumed that webviews were always going to be in an editor. This is no longer true with webview views.

To fix this, I've added an `activeWebview` to the `IWebviewService`. This  tracks the currently focused webview.

* microsoft#106358

* debug: bump js-debug-companion

* re microsoft#105735.

* re microsoft#105735. no more udpateMetadata api.

* Fix microsoft#106303

* Use destructuring to make code more clear

* Add isWritableFileSystem api

Fixes microsoft#91697

This new API checks if a given scheme allows writing

* Revert "Fix microsoft#106303"

This reverts commit 8e5eed1.

this is causing a layer check issue

* Cache webview view title across reloads

Fixes microsoft#105867

* fix some TS 4.1 errors (microsoft#106358)

* fix some TS 4.1 errors (microsoft#106358)

* fix TS 4.1 compile errors, microsoft#106358

* pinned tabs - flip default to "shrink"

* fix ts errors

related to microsoft#106358

* pinned tabs - closing pinned tab should open next non-pinned

* pinned tabs - add a tab.lastPinnedBorder color

* Adds commands for --no-verify commit variants (microsoft#106335)

* add `{allow,confirm}NoVerifyCommit`  options

* adds commit comands with no verify

* handles no verify command variants

* handle no verify commit option

* only display no verify variants when option is set

* trusted types

related to microsoft#106395

* more TS 4.1 fixes (microsoft#106358)

* update trusted types search

* Fix TS 4.1 errors for tasks and remote explorer
Part of microsoft#106358

* Adress microsoft#106358: Fix TS 4.1 errors in codebase

* debt - simplify metadata edit because we now have CellEditType.DocumentMetadata

* Fix Trusted Types violations (round #2) microsoft#106395

* debug: return result of a msg to debug adapter can be undefined

* add ExtHostFileSystemInfo which knows what schemes are reserved and which are used, microsoft#91697

* fixes microsoft#106334

* web - fix bad credentials lookup

* Correct path to code-workspace.xml

Fixes microsoft#106384

* Multi git executable paths (microsoft#85954)

* Multi git executable path

* update `git.path` setting description

* 💄

Co-authored-by: João Moreno <joao.moreno@microsoft.com>

* Correct linux code-workspace path

* fixes microsoft#104047

* Add defaultUriScheme to path service (microsoft#106400)

Fixes microsoft/vscode-internalbacklog#1179

* 💄

* Fix  microsoft#106303

* Avoid innerHTML (microsoft#106395)

* Avoid innerHTML (microsoft#106395)

* debt - REMOTE_HOST_SCHEME => Schemas.vscodeRemote

* fixes microsoft#106355

* pathService - defaultUriScheme() => defaultUriScheme

* Adjust active terminal tab when active tab moves (microsoft#106413)

Fixes microsoft#106300

* debt - adopt defaultUriScheme also for userHome

* debt - adopt defaultUriScheme over hardcoded vscode-remote in toLocalResource

* some integration tests for notebook editing, microsoft#105283

* refs microsoft#106358

* Bump yargs-parser in /extensions/markdown-language-features (microsoft#106373)

Bumps [yargs-parser](https://github.com/yargs/yargs-parser) from 13.1.1 to 13.1.2.
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/master/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump yargs-parser in /extensions/css-language-features/server

Bumps [yargs-parser](https://github.com/yargs/yargs-parser) from 13.1.1 to 13.1.2.
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/master/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)

Signed-off-by: dependabot[bot] <support@github.com>

* Remove arrays.findIndex

For microsoft#103454

This should be a direct map to the `.findIndex` mathod

* Use textContnet for style element

For microsoft#106395

* use textcontent in menu css
refs microsoft#106395

* Fix one innerHTML usage microsoft#106395

* Use `@example` tags in vscode.d.ts (microsoft#106352)

`@example` is the standard way to document code examples. This also gets us syntax highlighting of code examples in hovers

* - reload only local user configuration after initi
- add perf mark up and logs

* re microsoft#105735. batch apply edits.

* notebook text model initialization does not increment version

* private outputs slice and unknown change.

* applyEdit supports begin/end selections.

* replace insertCell with applyEdit.

* do not copy execution related metadata

* 💄

* fix build.

* Document view.type contribution

Fixes microsoft#105821

* Improve views contribution point

- add required properties
- add default snippet
- use `markdownDescription` for markdown string

* Replace our arrays.find with stdlib find

For microsoft#103454

* Pin blob storage dep
see Azure/azure-sdk-for-js#11187

* unit tests for batched edits.

* remove spliceNotebook api from textmodel.

* update exploration branch

* Fix some trusted type violations, microsoft#106395

* fix fonts in monaco menu

* update distro

* some jsdoc for microsoft#54938

* try to fix build (linux)

* electron - set spellcheck: false again for windows

* update search file, microsoft#106395

* 🆙 web playground

* Trusted types - don't use innerHTML for rapid render, microsoft#106395

* Remove Schemas.vscodeRemote from simple file dialog

* debt - remove some any casts from window

* update distro

* fix linux build

* argh

* proxy authentication does not work on 1.49 (microsoft#106434)

* do not use hasClass and first

microsoft#103454

* debug and explroer: do not use dom.addClass, dom.toggleClass

* do not use deprecated dom helper methods

microsoft#103454

* adopt new amd loader with support for TrustedScriptURL, add typings for TrustedTypesFactory et al, microsoft#106396

* explorer: Should maintain row focus after deleting a file

fixes microsoft#71315

* Update Codicons: add 'magnet' icon
microsoft/vscode-codicons@4c61155

* Remove unused 'SettingSearch' issue type

* notebook document data loss.

* cell language should not be freezed.

* Add preferred_username to the list of msft token claims (microsoft#106511)

* debug: update js-debug

* fix microsoft#106430.

* hide outputs if it is transient.

* Add optional typing for webview state in WebviewPanelSerializer

This makes it easier for extensions to correctly type their state if they wish

* Add comment to WebviewViewResolveContext

* use optional chaining

* Use `Set` instead of array

Sets should offer faster checking to see if a property has been seen

* Create webview.web.contribution

Fixes microsoft#106516

Creates an explicit contribution file for web. This makes sure we only don't register the `IWebviewService` twice. Not 100% sure this fixes the issue since I couldn't repo the original bug with our oss builds

* Revert "API proposal for tree item icon color"

This reverts commit 52e557f.

* Skip formatting when during format-on-save, the configured formatter cannot be found (continue to show silent notification), microsoft#106376

* don't use renderCodicons any more, microsoft#105799

* remove old renderCodicons-function, rename renderCodiconsAsElement to renderCodicons

* NotebookEditorEdit-api changes, microsoft#105283

* WorkspaceEdit-api changes, microsoft#105283

* adopt notebook integration tests, microsoft#105283

* add NotebookCell#index, microsoft#106637

* fix delay issue for provideCodeLenses, microsoft#106267

* rename RunOnceScheduler#timeout to delay

* use debian stretch images (microsoft#106656)

* remove deprecated function calls

related to microsoft#103454

* workaround, maybe fix for microsoft#106657

* update search files

* debt - make class list utils functions so that @deprecated works for them

* fixes microsoft#106406

* notebook - when creating a notebook, check that no notebook with another viewtype exists

* fix bad classList usage

* add regression test for microsoft#106657

* fixes microsoft#86180

* fixes microsoft#100172

Co-authored-by: Alex Ross <alros@microsoft.com>
Co-authored-by: Daniel Imms <daimms@microsoft.com>
Co-authored-by: João Moreno <joao.moreno@microsoft.com>
Co-authored-by: isidor <inikolic@microsoft.com>
Co-authored-by: Christof Marti <chrmarti@microsoft.com>
Co-authored-by: Johannes Rieken <johannes.rieken@gmail.com>
Co-authored-by: Benjamin Pasero <benjpas@microsoft.com>
Co-authored-by: Martin Aeschlimann <martinae@microsoft.com>
Co-authored-by: rebornix <penn.lv@gmail.com>
Co-authored-by: Rob Lourens <roblourens@gmail.com>
Co-authored-by: IllusionMH <illusionmh@gmail.com>
Co-authored-by: Daniel Imms <tyriar@tyriar.com>
Co-authored-by: Connor Peet <connor@peet.io>
Co-authored-by: Matt Bierner <matb@microsoft.com>
Co-authored-by: Jean Pierre <jeanp413@hotmail.com>
Co-authored-by: Peng Lyu <penlv@microsoft.com>
Co-authored-by: Sandeep Somavarapu <sasomava@microsoft.com>
Co-authored-by: Vyacheslav Pukhanov <vyacheslav.pukhanov@gmail.com>
Co-authored-by: Alex Dima <alexdima@microsoft.com>
Co-authored-by: João Moreno <mail@joaomoreno.com>
Co-authored-by: Miguel Solorio <miguel.solorio@microsoft.com>
Co-authored-by: SteVen Batten <steven.m.batten@outlook.com>
Co-authored-by: Jackson Kearl <jakearl@microsoft.com>
Co-authored-by: Rachel Macfarlane <ramacfar@microsoft.com>
Co-authored-by: Dirk Baeumer <dirkb@microsoft.com>
Co-authored-by: WhizSid <whizsid@aol.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: Oleg Demchenko <oldemche@microsoft.com>
@Siegrift
Copy link
Contributor

Hi, I am currently working on a few enhancements in tsec, specifically on the following things

  1. Improving type awareness such that assignments of Trusted Types (TT) are allowed.
    We plan to support various common patterns such as casting TT value to string or using an unwrapper function. We will use the existing TT typing from definitely typed. Any particular reason why you created the custom ones?

  2. Tsec as language service plugin
    This one is in review internally, but after it's merged you will be able to see the violations in the IDE right as you type.

  3. Support for tsec fixers
    You can create a Fixer which can produce a suggested fix for a given violation.
    This one is currently only planned, and it's a bigger change but the implementation should start soon. The question is:

    Can you imagine a fixer tailored for VSCode?

    I see that you added a createTrustedScriptURL builder, but I am not sure if this function is available everywhere and whether it's a good fit for a fixer. The fixer will have access to the full source code, but has only limited information about the violations. Basic fixers we are thinking about replace the dangerous value with sanitizer call (and maybe imports the sanitizer) or offers using safe alternative (e.g. innerText instead of innerHTML).


If you feel this deserves a separate issue to discuss this on, we can create one and move the discussion there.

@jrieken
Copy link
Member Author

jrieken commented Sep 15, 2020

Any particular reason why you created the custom ones?

I didn't expect them to exist already ;-) Also, I have only added a very minimal api-only polyfill so I didn't spec more of the trusted types API. Also wondering how to do it properly when assigning e.g. TrustedHTML to innerHTML - it accepts a string only and I didn't like 'foo.innerHTML = tt.toString()' too much. Anyways, let me think about this again, esp with tsec in mind. The task will be to make the polyfill more complete

I see that you added a createTrustedScriptURL builder, but I am not sure if this function is available everywhere and whether it's a good fit for a fixer.

Yeah, the createTrustedScriptURL is very specific to the AMD loader. That's something we use in different contexts and not something were we can enable trusted types by default. That's why I added the config option to pass the builder which is basically TrustedTypePolicyOptions#createScriptURL.

Not sure if I can image a tailored VS Code fixer - violations I have seen so far all very different. There might some low-hanging fixers for cases when the empty string is assigned. A common violation was the population of style-tags via innerHTML - we have replaced those with textContent which would be a candidate for automation.

This one is in review internally, but after it's merged you will be able to see the violations in the IDE right as you type.

Very excited about that!

@engelsdamien
Copy link
Contributor

I have pushed a few changes that make sure we have a trusted types polyfill (comes view the AMD loader) and typings. Also, the loader has got an option to created trusted script urls. With that most TrustedScriptURL warning are gone. Line 36 in the snippet below is a sample of a loader config to enable trusted types (policies are insecure)

<script>
self.require = {
baseUrl: `${window.location.origin}/static/out`,
recordStats: true,
createTrustedScriptURL: value => value,
paths: {
'vscode-textmate': `${window.location.origin}/static/remote/web/node_modules/vscode-textmate/release/main`,
'vscode-oniguruma': `${window.location.origin}/static/remote/web/node_modules/vscode-oniguruma/release/main`,
'xterm': `${window.location.origin}/static/remote/web/node_modules/xterm/lib/xterm.js`,
'xterm-addon-search': `${window.location.origin}/static/remote/web/node_modules/xterm-addon-search/lib/xterm-addon-search.js`,
'xterm-addon-unicode11': `${window.location.origin}/static/remote/web/node_modules/xterm-addon-unicode11/lib/xterm-addon-unicode11.js`,
'xterm-addon-webgl': `${window.location.origin}/static/remote/web/node_modules/xterm-addon-webgl/lib/xterm-addon-webgl.js`,
'semver-umd': `${window.location.origin}/static/remote/web/node_modules/semver-umd/lib/semver-umd.js`,
'iconv-lite-umd': `${window.location.origin}/static/remote/web/node_modules/iconv-lite-umd/lib/iconv-lite-umd.js`,
'jschardet': `${window.location.origin}/static/remote/web/node_modules/jschardet/dist/jschardet.min.js`,
}
};
</script>

One thing to note is that with this current setup, it might be easy to degrade security in the future without realizing, due to the fact that the validation function far away from the actual policy creation, so changes in the former might not look suspicious to a reviewer, but are actually security relevant.

We are currently working on open sourcing our set of Trusted Types builders, but our general approach is to try to fully encapsulate the policy behaviour so that consumers of the builders cannot change the security property of the resulting types.

One of the tricks that we use to ensure that a value is safe is by using template literals to separate what comes from the program's source vs what is dynamic. (when it comes from the program source, there is no risk for it to be user controlled). This might work in this case since all your paths seem to be in the program's source.

So you could define a function like follows:

// This remains private, all security considerations stay in this file.
const policy = trustedTypes.createPolicy('amdLoader', {createScriptURL: (value: string) => value});

export function scriptURL(templateObj: TemplateStringsArray): TrustedScriptURL {
 if (!templateObj.length === 1) { throw "Cannot interpolate in script urls"; }
 if (!templateObj[0].startsWith('/')) { throw "Only absolute paths are allowed in script urls"; }
 return policy.createScriptURL(`${window.location.origin}${templateObj[0]}`);
}

And then use it anywhere you want like follows:

<script> 
 	self.require = { 
 		baseUrl: scriptURL`/static/out`, 
 		recordStats: true, 
 		paths: { 
 			'vscode-textmate': scriptURL`/static/remote/web/node_modules/vscode-textmate/release/main`, 
 			'vscode-oniguruma': scriptURL`/static/remote/web/node_modules/vscode-oniguruma/release/main`, 
 			...
 		} 
 	}; 
 </script> 

@Siegrift
Copy link
Contributor

Also wondering how to do it properly when assigning e.g. TrustedHTML to innerHTML - it accepts a string only and I didn't like 'foo.innerHTML = tt.toString()' too much.

Unfortunately, there is no support for this in TS due to this issue. Also, you approach (elem.innerHTML = tt.toString()) will not work because it will stringify the value and you'll get a Trusted Type violation.
For now, you need to lie to the compiler somehow. For example, elem.innerHTML = tt as unknown as string (tt is still a Trusted Type and TS is happy as well).

This pattern might be tedious so you might want to use unwrapper function to unwrap the trusted value: elem.innerHTML = unwrap(tt), where const unwrap = (tt: TrustedHTML) => tt as unknown as string.

@jrieken
Copy link
Member Author

jrieken commented Oct 5, 2020

@Siegrift Can you help with the tsec tool. Since a couple of weeks it seems broken (misses files in its distribution). We have brought it in via ac7bf03. Is there now a different way to use it, like via npm?

@Siegrift
Copy link
Contributor

Siegrift commented Oct 5, 2020

@jrieken Can you provide more info about the failure? I tried cloning vs code repo and tsec works for me without problems. There weren't any suspicious changes in the repo recently which could cause such breakage.

@jrieken
Copy link
Member Author

jrieken commented Oct 5, 2020

This is confusing... I was getting this error even after a refresh install. Now it seems to be working 😕

jrieken@Johanness-MBP-2 vscode % yarn tsec-compile-check
yarn run v1.19.1
$ node_modules/tsec/bin/tsec -p src/tsconfig.json --noEmit
/bin/sh: node_modules/tsec/bin/tsec: No such file or directory
error Command failed with exit code 127.

@joaomoreno
Copy link
Member

  ERR Failed to execute 'invoke' on 'CreateHTMLCallback': The provided callback is no longer runnable.: Error: Failed to execute 'invoke' on 'CreateHTMLCallback': The provided callback is no longer runnable.
    at ViewLayerRenderer._finishRenderingNewLines (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewLayer.js:378:60)
    at ViewLayerRenderer._finishRendering (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewLayer.js:438:26)
    at ViewLayerRenderer.render (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewLayer.js:288:22)
    at VisibleLinesCollection.renderLines (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewLayer.js:263:37)
    at ViewLines.renderText (file:///home/joao/Work/vscode/out/vs/editor/browser/viewParts/lines/viewLines.js:427:32)
    at View._actualRender (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewImpl.js:242:33)
    at file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewImpl.js:213:40
    at safeInvokeNoArg (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewImpl.js:366:20)
    at View._renderNow (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewImpl.js:213:13)
    at View.restoreState (file:///home/joao/Work/vscode/out/vs/editor/browser/view/viewImpl.js:266:18)
    at CodeEditorWidget.restoreViewState (file:///home/joao/Work/vscode/out/vs/editor/browser/widget/codeEditorWidget.js:605:38)
    at DiffEditorWidget.restoreViewState (file:///home/joao/Work/vscode/out/vs/editor/browser/widget/diffEditorWidget.js:649:38)
    at TextDiffEditor.restoreTextDiffEditorViewState (file:///home/joao/Work/vscode/out/vs/workbench/browser/parts/editor/textDiffEditor.js:111:33)
    at TextDiffEditor.setInput (file:///home/joao/Work/vscode/out/vs/workbench/browser/parts/editor/textDiffEditor.js:80:49)
    at async EditorControl.doSetInput (file:///home/joao/Work/vscode/out/vs/workbench/browser/parts/editor/editorControl.js:130:17)
    at async EditorControl.openEditor (file:///home/joao/Work/vscode/out/vs/workbench/browser/parts/editor/editorControl.js:48:35)
    at async file:///home/joao/Work/vscode/out/vs/workbench/browser/parts/editor/editorGroupView.js:735:40
    at async EditorGroupView.restoreEditors (file:///home/joao/Work/vscode/out/vs/workbench/browser/parts/editor/editorGroupView.js:326:13)

@koto
Copy link

koto commented Nov 16, 2020

When the error occurs, are you inside a Chrome devtools debugging session? This might be https://bugs.chromium.org/p/chromium/issues/detail?id=1131368.

@jrieken
Copy link
Member Author

jrieken commented Nov 16, 2020

Yeah. @joaomoreno saw this when running/debugging VS Code from within VS Code

@koto
Copy link

koto commented Nov 16, 2020

Then it's very likely that bug (sorry!), it should not manifest itself during regular execution, only when the e.g. one is inside a breakpoint. By now we have a good idea on how to fix this.

@jrieken
Copy link
Member Author

jrieken commented Nov 30, 2020

Closing this as trusted types policy usage just happens. Currently, most policies aren't doing real checks and once we have sink usages covered we should look at policies in detail

@jrieken jrieken closed this as completed Nov 30, 2020
@github-actions github-actions bot locked and limited conversation to collaborators Jan 15, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
engineering VS Code - Build / issue tracking / etc.
Projects
None yet
Development

No branches or pull requests

6 participants