(webview: Webview, file: string, title: string, dir: string, webviewDir: string)
| 649 | } |
| 650 | |
| 651 | export async function getWebviewHtml(webview: Webview, file: string, title: string, dir: string, webviewDir: string): Promise<string> { |
| 652 | const observerPath = Uri.file(path.join(webviewDir, 'observer.js')); |
| 653 | const body = (await readContent(file, 'utf8') || '').toString() |
| 654 | .replace(/<(\w+)(.*)\s+(href|src)="(?!\w+:)/g, |
| 655 | `<$1 $2 $3="${String(webview.asWebviewUri(Uri.file(dir)))}/`); |
| 656 | |
| 657 | // define the content security policy for the webview |
| 658 | // * whilst it is recommended to be strict as possible, |
| 659 | // * there are several packages that require unsafe requests |
| 660 | const CSP = ` |
| 661 | upgrade-insecure-requests; |
| 662 | default-src https: data: filesystem:; |
| 663 | style-src https: data: filesystem: 'unsafe-inline'; |
| 664 | script-src https: data: filesystem: 'unsafe-inline' 'unsafe-eval'; |
| 665 | worker-src https: data: filesystem: blob:; |
| 666 | `; |
| 667 | |
| 668 | return ` |
| 669 | <!DOCTYPE html> |
| 670 | <html lang="en"> |
| 671 | <head> |
| 672 | <meta charset="UTF-8"> |
| 673 | <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| 674 | <meta http-equiv="Content-Security-Policy" content="${CSP}"> |
| 675 | <title>${title}</title> |
| 676 | <style> |
| 677 | body { |
| 678 | color: black; |
| 679 | } |
| 680 | </style> |
| 681 | </head> |
| 682 | <body> |
| 683 | <span id="webview-content"> |
| 684 | ${body} |
| 685 | </span> |
| 686 | </body> |
| 687 | <script src="${String(webview.asWebviewUri(observerPath))}"></script> |
| 688 | </html>`; |
| 689 | } |
| 690 | |
| 691 | function isFromWorkspace(dir: string) { |
| 692 | if (workspace.workspaceFolders === undefined) { |
no test coverage detected