From d23edbb3380911a072ad344a8f0ea02079e67d27 Mon Sep 17 00:00:00 2001
From: Charles Gagnon
Date: Thu, 27 Jan 2022 16:05:31 -0800
Subject: [PATCH] Fix welcome page images (#18180)
---
 .../contrib/welcome/page/browser/az_data_welcome_page.ts | 2 ++
 src/vs/base/browser/dom.ts | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/sql/workbench/contrib/welcome/page/browser/az_data_welcome_page.ts b/src/sql/workbench/contrib/welcome/page/browser/az_data_welcome_page.ts
index 4ae17da5a8..65e3bbfec5 100644
--- a/src/sql/workbench/contrib/welcome/page/browser/az_data_welcome_page.ts
+++ b/src/sql/workbench/contrib/welcome/page/browser/az_data_welcome_page.ts
@@ -9,6 +9,8 @@ import { localize } from 'vs/nls';
 const previewImgDescription = escape(localize('welcomePage.previewBody', "This feature page is in preview. Preview features introduce new functionalities that are on track to becoming a permanent part the product. They are stable, but need additional accessibility improvements. We welcome your early feedback while they are under development."));
+// Note - this content is passed through an HTML sanitizer defined in src\vs\base\browser\dom.ts (safeInnerHtml). If something
+// isn't rendering correctly make sure that the tags/attributes and schemas are all listed in the allowed lists.
 export default () => `
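Review bot: The added comment tells maintainers to extend the sanitizer's allowed lists whenever something fails to render, without saying that those lists appear to be built inside `safeInnerHtml` itself (see the `dom.ts` hunk of this patch) and so apply to every caller, not just this page. I would add a line such as `// These lists are shared by all safeInnerHtml callers - prefer changing this page's markup over widening them.` The comment also writes "schemas" where the option is named `allowedSchemes`, and its backslash path will not match a search for `src/vs/base/browser/dom.ts`. The template literal that follows the comment continues outside the hunk.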
diff --git a/src/vs/base/browser/dom.ts b/src/vs/base/browser/dom.ts
index b1426a0e4d..2b3797619a 100644
--- a/src/vs/base/browser/dom.ts
+++ b/src/vs/base/browser/dom.ts
@@ -1403,7 +1403,7 @@ export function safeInnerHtml(node: HTMLElement, value: string): void {
 'span': ['data-command', 'role'],
 'textarea': ['name', 'placeholder', 'required'],
 },
- allowedSchemes: ['http', 'https', 'command', 'file'] // {{SQL CARBON EDIT}} Add allowed schema for welcome page support
+ allowedSchemes: ['http', 'https', 'command', 'vscode-file'] // {{SQL CARBON EDIT}} Add allowed schema for welcome page support
 }, ['class', 'id', 'role', 'tabindex']);
 const html = _ttpSafeInnerHtml?.createHTML(value, options) ?? insane(value, options);
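Review bot: The `allowedSchemes` entry changed here sits in the options object that `safeInnerHtml` passes to both `_ttpSafeInnerHtml?.createHTML` and the `insane` fallback, so `vscode-file` becomes acceptable in HTML from any caller, while the trailing comment still describes it as welcome-page support only. The hunk does not show the other callers, so it is worth confirming that none of them feeds this function markup built from untrusted input that could now point at local resources. I would make the comment name the scheme and its scope, e.g. `// {{SQL CARBON EDIT}} allow 'vscode-file' for welcome page images; note this list applies to every safeInnerHtml caller`. A unit test asserting that a `vscode-file:` image source survives sanitizing and a `file:` one is stripped would pin the intended behaviour. `safeInnerHtml` starts above the hunk and continues below it.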