Merge from vscode 8e0f348413f4f616c23a88ae30030efa85811973 (#6381)

* Merge from vscode 8e0f348413f4f616c23a88ae30030efa85811973

* disable strict null check

extensions/markdown-language-features/src/features/previewContentProvider.ts

@@ -3,17 +3,17 @@
  *  Licensed under the Source EULA. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-import * as vscode from 'vscode';
 import * as path from 'path';
-import { MarkdownEngine } from '../markdownEngine';
-
+import * as vscode from 'vscode';
 import * as nls from 'vscode-nls';
-const localize = nls.loadMessageBundle();
-
 import { Logger } from '../logger';
-import { ContentSecurityPolicyArbiter, MarkdownPreviewSecurityLevel } from '../security';
-import { MarkdownPreviewConfigurationManager, MarkdownPreviewConfiguration } from './previewConfig';
+import { MarkdownEngine } from '../markdownEngine';
 import { MarkdownContributionProvider } from '../markdownExtensions';
+import { ContentSecurityPolicyArbiter, MarkdownPreviewSecurityLevel } from '../security';
+import { WebviewResourceProvider } from '../util/resources';
+import { MarkdownPreviewConfiguration, MarkdownPreviewConfigurationManager } from './previewConfig';
+
+const localize = nls.loadMessageBundle();
 
 /**
  * Strings used inside the markdown preview.
@@ -35,8 +35,8 @@ const previewStrings = {
 		'Content Disabled Security Warning')
 };
 
-function escapeAttribute(value: string): string {
-	return value.replace(/"/g, '"');
+function escapeAttribute(value: string | vscode.Uri): string {
+	return value.toString().replace(/"/g, '"');
 }
 
 export class MarkdownContentProvider {
@@ -50,6 +50,7 @@ export class MarkdownContentProvider {
 
 	public async provideTextDocumentContent(
 		markdownDocument: vscode.TextDocument,
+		resourceProvider: WebviewResourceProvider,
 		previewConfigurations: MarkdownPreviewConfigurationManager,
 		initialLine: number | undefined = undefined,
 		state?: any
@@ -63,18 +64,19 @@ export class MarkdownContentProvider {
 			scrollPreviewWithEditor: config.scrollPreviewWithEditor,
 			scrollEditorWithPreview: config.scrollEditorWithPreview,
 			doubleClickToSwitchToEditor: config.doubleClickToSwitchToEditor,
-			disableSecurityWarnings: this.cspArbiter.shouldDisableSecurityWarnings()
+			disableSecurityWarnings: this.cspArbiter.shouldDisableSecurityWarnings(),
+			webviewResourceRoot: resourceProvider.toWebviewResource(markdownDocument.uri).toString(),
 		};
 
 		this.logger.log('provideTextDocumentContent', initialData);
 
 		// Content Security Policy
 		const nonce = new Date().getTime() + '' + new Date().getMilliseconds();
-		const csp = this.getCspForResource(sourceUri, nonce);
+		const csp = this.getCsp(resourceProvider, sourceUri, nonce);
 
 		const body = await this.engine.render(markdownDocument);
 		return `<!DOCTYPE html>
-			<html>
+			<html style="${escapeAttribute(this.getSettingsOverrideStyles(config))}">
 			<head>
 				<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 				${csp}
@@ -82,14 +84,14 @@ export class MarkdownContentProvider {
 					data-settings="${escapeAttribute(JSON.stringify(initialData))}"
 					data-strings="${escapeAttribute(JSON.stringify(previewStrings))}"
 					data-state="${escapeAttribute(JSON.stringify(state || {}))}">
-				<script src="${this.extensionResourcePath('pre.js')}" nonce="${nonce}"></script>
-				${this.getStyles(sourceUri, nonce, config, state)}
-				<base href="${markdownDocument.uri.with({ scheme: 'vscode-resource' }).toString(true)}">
+				<script src="${this.extensionResourcePath(resourceProvider, 'pre.js')}" nonce="${nonce}"></script>
+				${this.getStyles(resourceProvider, sourceUri, config, state)}
+				<base href="${resourceProvider.toWebviewResource(markdownDocument.uri)}">
 			</head>
 			<body class="vscode-body ${config.scrollBeyondLastLine ? 'scrollBeyondLastLine' : ''} ${config.wordWrap ? 'wordWrap' : ''} ${config.markEditorSelection ? 'showEditorSelection' : ''}">
 				${body}
 				<div class="code-line" data-line="${markdownDocument.lineCount}"></div>
-				${this.getScripts(nonce)}
+				${this.getScripts(resourceProvider, nonce)}
 			</body>
 			</html>`;
 	}
@@ -107,13 +109,13 @@ export class MarkdownContentProvider {
 			</html>`;
 	}
 
-	private extensionResourcePath(mediaFile: string): string {
-		return vscode.Uri.file(this.context.asAbsolutePath(path.join('media', mediaFile)))
-			.with({ scheme: 'vscode-resource' })
-			.toString();
+	private extensionResourcePath(resourceProvider: WebviewResourceProvider, mediaFile: string): string {
+		const webviewResource = resourceProvider.toWebviewResource(
+			vscode.Uri.file(this.context.asAbsolutePath(path.join('media', mediaFile))));
+		return webviewResource.toString();
 	}
 
-	private fixHref(resource: vscode.Uri, href: string): string {
+	private fixHref(resourceProvider: WebviewResourceProvider, resource: vscode.Uri, href: string): string {
 		if (!href) {
 			return href;
 		}
@@ -124,42 +126,36 @@ export class MarkdownContentProvider {
 
 		// Assume it must be a local file
 		if (path.isAbsolute(href)) {
-			return vscode.Uri.file(href)
-				.with({ scheme: 'vscode-resource' })
-				.toString();
+			return resourceProvider.toWebviewResource(vscode.Uri.file(href)).toString();
 		}
 
 		// Use a workspace relative path if there is a workspace
 		const root = vscode.workspace.getWorkspaceFolder(resource);
 		if (root) {
-			return vscode.Uri.file(path.join(root.uri.fsPath, href))
-				.with({ scheme: 'vscode-resource' })
-				.toString();
+			return resourceProvider.toWebviewResource(vscode.Uri.file(path.join(root.uri.fsPath, href))).toString();
 		}
 
 		// Otherwise look relative to the markdown file
-		return vscode.Uri.file(path.join(path.dirname(resource.fsPath), href))
-			.with({ scheme: 'vscode-resource' })
-			.toString();
+		return resourceProvider.toWebviewResource(vscode.Uri.file(path.join(path.dirname(resource.fsPath), href))).toString();
 	}
 
-	private computeCustomStyleSheetIncludes(resource: vscode.Uri, config: MarkdownPreviewConfiguration): string {
-		if (Array.isArray(config.styles)) {
-			return config.styles.map(style => {
-				return `<link rel="stylesheet" class="code-user-style" data-source="${escapeAttribute(style)}" href="${escapeAttribute(this.fixHref(resource, style))}" type="text/css" media="screen">`;
-			}).join('\n');
+	private computeCustomStyleSheetIncludes(resourceProvider: WebviewResourceProvider, resource: vscode.Uri, config: MarkdownPreviewConfiguration): string {
+		if (!Array.isArray(config.styles)) {
+			return '';
 		}
-		return '';
+		const out: string[] = [];
+		for (const style of config.styles) {
+			out.push(`<link rel="stylesheet" class="code-user-style" data-source="${escapeAttribute(style)}" href="${escapeAttribute(this.fixHref(resourceProvider, resource, style))}" type="text/css" media="screen">`);
+		}
+		return out.join('\n');
 	}
 
-	private getSettingsOverrideStyles(nonce: string, config: MarkdownPreviewConfiguration): string {
-		return `<style nonce="${nonce}">
-			html, body {
-				${config.fontFamily ? `font-family: ${config.fontFamily};` : ''}
-				${isNaN(config.fontSize) ? '' : `font-size: ${config.fontSize}px;`}
-				${isNaN(config.lineHeight) ? '' : `line-height: ${config.lineHeight};`}
-			}
-		</style>`;
+	private getSettingsOverrideStyles(config: MarkdownPreviewConfiguration): string {
+		return [
+			config.fontFamily ? `--vscode-markdown-font-family: ${config.fontFamily};` : '',
+			isNaN(config.fontSize) ? '' : `--vscode-markdown-font-size: ${config.fontSize}px;`,
+			isNaN(config.lineHeight) ? '' : `--vscode-markdown-line-height: ${config.lineHeight};`,
+		].join(' ');
 	}
 
 	private getImageStabilizerStyles(state?: any) {
@@ -177,37 +173,47 @@ export class MarkdownContentProvider {
 		return ret;
 	}
 
-	private getStyles(resource: vscode.Uri, nonce: string, config: MarkdownPreviewConfiguration, state?: any): string {
-		const baseStyles = this.contributionProvider.contributions.previewStyles
-			.map(resource => `<link rel="stylesheet" type="text/css" href="${escapeAttribute(resource.toString())}">`)
-			.join('\n');
+	private getStyles(resourceProvider: WebviewResourceProvider, resource: vscode.Uri, config: MarkdownPreviewConfiguration, state?: any): string {
+		const baseStyles: string[] = [];
+		for (const resource of this.contributionProvider.contributions.previewStyles) {
+			baseStyles.push(`<link rel="stylesheet" type="text/css" href="${escapeAttribute(resourceProvider.toWebviewResource(resource))}">`);
+		}
 
-		return `${baseStyles}
-			${this.getSettingsOverrideStyles(nonce, config)}
-			${this.computeCustomStyleSheetIncludes(resource, config)}
+		return `${baseStyles.join('\n')}
+			${this.computeCustomStyleSheetIncludes(resourceProvider, resource, config)}
 			${this.getImageStabilizerStyles(state)}`;
 	}
 
-	private getScripts(nonce: string): string {
-		return this.contributionProvider.contributions.previewScripts
-			.map(resource => `<script async src="${escapeAttribute(resource.toString())}" nonce="${nonce}" charset="UTF-8"></script>`)
-			.join('\n');
+	private getScripts(resourceProvider: WebviewResourceProvider, nonce: string): string {
+		const out: string[] = [];
+		for (const resource of this.contributionProvider.contributions.previewScripts) {
+			out.push(`<script async
+				src="${escapeAttribute(resourceProvider.toWebviewResource(resource))}"
+				nonce="${nonce}"
+				charset="UTF-8"></script>`);
+		}
+		return out.join('\n');
 	}
 
-	private getCspForResource(resource: vscode.Uri, nonce: string): string {
+	private getCsp(
+		provider: WebviewResourceProvider,
+		resource: vscode.Uri,
+		nonce: string
+	): string {
+		const rule = provider.cspSource;
 		switch (this.cspArbiter.getSecurityLevelForResource(resource)) {
 			case MarkdownPreviewSecurityLevel.AllowInsecureContent:
-				return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src vscode-resource: http: https: data:; media-src vscode-resource: http: https: data:; script-src 'nonce-${nonce}'; style-src vscode-resource: 'unsafe-inline' http: https: data:; font-src vscode-resource: http: https: data:;">`;
+				return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' ${rule} http: https: data:; media-src 'self' ${rule} http: https: data:; script-src 'nonce-${nonce}'; style-src 'self' ${rule} 'unsafe-inline' http: https: data:; font-src 'self' ${rule} http: https: data:;">`;
 
 			case MarkdownPreviewSecurityLevel.AllowInsecureLocalContent:
-				return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src vscode-resource: https: data: http://localhost:* http://127.0.0.1:*; media-src vscode-resource: https: data: http://localhost:* http://127.0.0.1:*; script-src 'nonce-${nonce}'; style-src vscode-resource: 'unsafe-inline' https: data: http://localhost:* http://127.0.0.1:*; font-src vscode-resource: https: data: http://localhost:* http://127.0.0.1:*;">`;
+				return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' ${rule} https: data: http://localhost:* http://127.0.0.1:*; media-src 'self' ${rule} https: data: http://localhost:* http://127.0.0.1:*; script-src 'nonce-${nonce}'; style-src 'self' ${rule} 'unsafe-inline' https: data: http://localhost:* http://127.0.0.1:*; font-src 'self' ${rule} https: data: http://localhost:* http://127.0.0.1:*;">`;
 
 			case MarkdownPreviewSecurityLevel.AllowScriptsAndAllContent:
 				return '';
 
 			case MarkdownPreviewSecurityLevel.Strict:
 			default:
-				return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src vscode-resource: https: data:; media-src vscode-resource: https: data:; script-src 'nonce-${nonce}'; style-src vscode-resource: 'unsafe-inline' https: data:; font-src vscode-resource: https: data:;">`;
+				return `<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self' ${rule} https: data:; media-src 'self' ${rule} https: data:; script-src 'nonce-${nonce}'; style-src 'self' ${rule} 'unsafe-inline' https: data:; font-src 'self' ${rule} https: data:;">`;
 		}
 	}
 }