remove default tt-policy since electron/electron#27211 is fixed, elec…

…tron/electron#27211
microsoft · Jun 25, 2021 · 6c3defb · 6c3defb
1 parent f9f0798
commit 6c3defb
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 36 deletions.
diff --git a/src/vs/code/electron-browser/workbench/workbench.html b/src/vs/code/electron-browser/workbench/workbench.html
@@ -4,7 +4,7 @@
 	<head>
 		<meta charset="utf-8" />
 		<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' https: data: blob: vscode-remote-resource:; media-src 'none'; frame-src 'self' vscode-webview:; object-src 'self'; script-src 'self' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' https: ws:; font-src 'self' https: vscode-remote-resource:;">
-		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types default TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
+		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
 	</head>
 	<body aria-label="">
 	</body>

diff --git a/src/vs/code/electron-browser/workbench/workbench.js b/src/vs/code/electron-browser/workbench/workbench.js
@@ -68,23 +68,6 @@
 		}
 	);
 
-	// add default trustedTypes-policy for logging and to workaround
-	// lib/platform limitations
-	window.trustedTypes?.createPolicy('default', {
-		createHTML(value) {
-			// see https://github.com/electron/electron/issues/27211
-			// Electron webviews use a static innerHTML default value and
-			// that isn't trusted. We use a default policy to check for the
-			// exact value of that innerHTML-string and only allow that.
-			if (value === '<!DOCTYPE html><style type="text/css">:host { display: flex; }</style>') {
-				return value;
-			}
-			throw new Error('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// console.trace('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// return value;
-		}
-	});
-
 	//#region Helpers
 
 	/**

diff --git a/src/vs/code/electron-sandbox/workbench/workbench.html b/src/vs/code/electron-sandbox/workbench/workbench.html
@@ -4,7 +4,7 @@
 	<head>
 		<meta charset="utf-8" />
 		<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' https: data: blob: vscode-remote-resource:; media-src 'none'; frame-src 'self' vscode-webview:; object-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https: ws:; font-src 'self' https: vscode-remote-resource:;">
-		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types default TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
+		<meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'; trusted-types TrustedFunctionWorkaround ExtensionScripts amdLoader cellRendererEditorText defaultWorkerFactory diffEditorWidget editorGhostText domLineBreaksComputer editorViewLayer diffReview extensionHostWorker insane notebookRenderer safeInnerHtml standaloneColorizer tokenizeToString webNestedWorkerExtensionHost webWorkerExtensionHost;">
 	</head>
 	<body aria-label="">
 	</body>

diff --git a/src/vs/code/electron-sandbox/workbench/workbench.js b/src/vs/code/electron-sandbox/workbench/workbench.js
@@ -68,23 +68,6 @@
 		}
 	);
 
-	// add default trustedTypes-policy for logging and to workaround
-	// lib/platform limitations
-	window.trustedTypes?.createPolicy('default', {
-		createHTML(value) {
-			// see https://github.com/electron/electron/issues/27211
-			// Electron webviews use a static innerHTML default value and
-			// that isn't trusted. We use a default policy to check for the
-			// exact value of that innerHTML-string and only allow that.
-			if (value === '<!DOCTYPE html><style type="text/css">:host { display: flex; }</style>') {
-				return value;
-			}
-			throw new Error('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// console.trace('UNTRUSTED html usage, default trusted types policy should NEVER be reached');
-			// return value;
-		}
-	});
-
 	//#region Helpers
 
 	/**