Skip to content

Commit 24f636d

Browse files
jdneojdneo
authored
fix: Add CSP in the web view header (LeetCode-OpenSource#394)
1 parent b96e7f5 commit 24f636d

File tree

3 files changed

+3
-0
lines changed

3 files changed

+3
-0
lines changed

src/webview/leetCodePreviewProvider.ts

+1
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ class LeetCodePreviewProvider extends LeetCodeWebview {
101101
<!DOCTYPE html>
102102
<html>
103103
<head>
104+
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src https:; script-src vscode-resource: 'unsafe-inline'; style-src vscode-resource: 'unsafe-inline';"/>
104105
${markdownEngine.getStyles()}
105106
${!this.sideMode ? button.style : ""}
106107
<style>

src/webview/leetCodeSolutionProvider.ts

+1
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,7 @@ class LeetCodeSolutionProvider extends LeetCodeWebview {
5050
<!DOCTYPE html>
5151
<html>
5252
<head>
53+
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src https:; script-src vscode-resource:; style-src vscode-resource:;"/>
5354
${styles}
5455
</head>
5556
<body class="vscode-body 'scrollBeyondLastLine' 'wordWrap' 'showEditorSelection'" style="tab-size:4">

src/webview/leetCodeSubmissionProvider.ts

+1
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ class LeetCodeSubmissionProvider extends LeetCodeWebview {
2828
return `<!DOCTYPE html>
2929
<html lang="en">
3030
<head>
31+
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src https:; script-src vscode-resource:; style-src vscode-resource:;"/>
3132
<meta charset="UTF-8">
3233
<meta name="viewport" content="width=device-width, initial-scale=1.0">
3334
${markdownEngine.getStyles()}

0 commit comments

Comments
 (0)