Add allow list of valid notebook command uris (#163322) (#21701)

* Add allow list of valid notebook command uris (#163322) This restricts notebooks to run three command uris. These 3 commands should all be safe to run, even with untrusted inputs * Fix incorrectly resolved merge conflict Co-authored-by: Matt Bierner <matb@microsoft.com>
2026-02-16 18:46:40 -05:00 · 2023-01-23 12:01:53 -08:00
parent cabe158f07
commit ac4afbec6c
1 changed files with 27 additions and 31 deletions
--- a/src/vs/workbench/contrib/notebook/browser/view/renderers/backLayerWebView.ts
+++ b/src/vs/workbench/contrib/notebook/browser/view/renderers/backLayerWebView.ts
@@ -539,24 +539,8 @@ var requirejs = (function() {
 				return;
 			}
-			if (matchesScheme(link, Schemas.command)) {
+			if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
-				const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(link);
+				this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: false });
 				if (ret && ret.length === 2) {
 					const outputId = ret[1];
 					this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
 					return;
 				}
 				console.warn('Command links are deprecated and will be removed, use message passing instead: https://github.com/microsoft/vscode/issues/123601');
 			}
 			if (matchesScheme(link, Schemas.command)) {
 				if (this.workspaceTrustManagementService.isWorkspaceTrusted()) {
 					this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
 				} else {
 					console.warn('Command links are disabled in untrusted workspaces');
 				}
 			} else if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
 				this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
 			}
 		}));
@@ -666,12 +650,14 @@ var requirejs = (function() {
 				}
 				case 'clicked-link': {
 					let linkToOpen: URI | string | undefined;
 					if (matchesScheme(data.href, Schemas.command)) {
 						const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(data.href);
 						if (ret && ret.length === 2) {
 							const outputId = ret[1];
 							const group = this.editorGroupService.activeGroup;
 					if (matchesScheme(data.href, Schemas.command)) {
 						// We allow a very limited set of commands
 						const uri = URI.parse(data.href);
 						switch (uri.path) {
 							case 'workbench.action.openLargeOutput': {
 								const outputId = uri.query;
 								const group = this.editorGroupService.activeGroup;
 								if (group) {
 									if (group.activeEditor) {
 										group.pinEditor(group.activeEditor);
@@ -681,8 +667,18 @@ var requirejs = (function() {
 								this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
 								return;
 							}
 							case 'github-issues.authNow':
 							case 'workbench.extensions.search':
 							case 'workbench.action.openSettings': {
 								this.openerService.open(data.href, { fromUserGesture: true, allowCommands: true });
 								return;
 							}
-					if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.command, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) {
+						}
 						return;
 					}
 					if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) {
 						linkToOpen = data.href;
 					} else if (!/^[\w\-]+:/.test(data.href)) {
 						if (this.documentUri.scheme === Schemas.untitled) {
@@ -711,7 +707,7 @@ var requirejs = (function() {
 					}
 					if (linkToOpen) {
-						this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: true });
+						this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: false });
 					}
 					break;
 				}