From 2cc14f9df7f2e110f2253d1aa6e6d626779f7383 Mon Sep 17 00:00:00 2001 From: Shaik Saif Ali Date: Thu, 17 Jun 2021 17:04:49 +0530 Subject: [PATCH 1/4] test fails with doctype This might have missed it in hindsight, but the test fails as someone follows the tutorials. Changing it from `` to `` solves the problem --- docs/docs/create-a-practice-tutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/create-a-practice-tutorial.md b/docs/docs/create-a-practice-tutorial.md index 05c2b31e..16154fd4 100644 --- a/docs/docs/create-a-practice-tutorial.md +++ b/docs/docs/create-a-practice-tutorial.md @@ -285,7 +285,7 @@ describe('index.html', () => { }) it('should have a DOCTYPE', () => { - assert(//i.test(indexFile)) + assert(//i.test(indexFile)) }) }) ``` From 2acc3532c8f76bb5a6537634fa0808e9e151a1bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Aug 2021 07:39:48 +0000 Subject: [PATCH 2/4] Bump path-parse from 1.0.6 to 1.0.7 Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index ca019afa..58469492 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4365,9 +4365,9 @@ path-key@^3.0.0, path-key@^3.1.0: integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-type@^2.0.0: version "2.0.0" From 7566f566416c8a9177a9ae53b8e924c46c19d9df Mon Sep 17 00:00:00 2001 From: shmck Date: Sat, 28 Aug 2021 09:52:05 -0700 Subject: [PATCH 3/4] support csp exceptions Signed-off-by: shmck --- docs/docs/env-vars.md | 2 ++ src/environment.ts | 5 +++++ src/services/webview/render.ts | 8 ++++++++ 3 files changed, 15 insertions(+) diff --git a/docs/docs/env-vars.md b/docs/docs/env-vars.md index 9c12b66a..1b49ea55 100644 --- a/docs/docs/env-vars.md +++ b/docs/docs/env-vars.md @@ -16,6 +16,8 @@ CodeRoad has a number of configurations: - `CODEROAD_ADMIN_MODE` - a mode for tutorial developers. Under the "Review" page, you can jump around between levels & steps to test development. Defaults `false`. +- `CODEROAD_CONTENT_SECURITY_POLICY_EXEMPTIONS` - a list of CSP exemption hashes. For multiples, separate the list with a space. + ## How to Use Variables ### Local diff --git a/src/environment.ts b/src/environment.ts index 3ea84864..8b7f5f3f 100644 --- a/src/environment.ts +++ b/src/environment.ts @@ -38,3 +38,8 @@ if (!supportedOS.includes(OS_PLATFORM)) { export const TUTORIAL_URL: string | null = process.env.CODEROAD_TUTORIAL_URL || null export const DISABLE_RUN_ON_SAVE = (process.env.CODEROAD_DISABLE_RUN_ON_SAVE || '').toLowerCase() === 'true' + +// bypass "Refused to execute inline script because it violates the following Content Security Policy directive" issue +// for multiple exemptions, separate each with a space "a1 b1" +export const CONTENT_SECURITY_POLICY_EXEMPTIONS: string | null = + process.env.CODEROAD_CONTENT_SECURITY_POLICY_EXEMPTIONS || null diff --git a/src/services/webview/render.ts b/src/services/webview/render.ts index 3ebef8a5..b157b167 100644 --- a/src/services/webview/render.ts +++ b/src/services/webview/render.ts @@ -2,6 +2,7 @@ import { JSDOM } from 'jsdom' import * as path from 'path' import * as vscode from 'vscode' import { onError } from '../telemetry' +import { CONTENT_SECURITY_POLICY_EXEMPTIONS } from '../../environment' const getNonce = (): string => { let text = '' @@ -46,6 +47,13 @@ async function render(panel: vscode.WebviewPanel, rootPath: string): Promise Date: Sat, 28 Aug 2021 17:00:12 +0000 Subject: [PATCH 4/4] Bump path-parse from 1.0.6 to 1.0.7 in /docs Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] --- docs/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index 1336eb4f..41e5f93f 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -6794,9 +6794,9 @@ path-key@^3.0.0, path-key@^3.1.0: integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== path-parse@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.6.tgz#d62dbb5679405d72c4737ec58600e9ddcf06d24c" - integrity sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw== + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== path-to-regexp@0.1.7: version "0.1.7"