Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get ready for workspace trust #231

Merged
merged 10 commits into from
May 13, 2021
Merged

Get ready for workspace trust #231

merged 10 commits into from
May 13, 2021

Conversation

yhatt
Copy link
Member

@yhatt yhatt commented May 12, 2021
edited
Loading

Related: #194

Background

Based on a vulnerabled classic Marp, we always have importance to security.

Our core features like export and theme CSS support may read potentially dangerous to user. For example:

  • Execute malicious script contained in Markdown with user-land Chromium, while exporting PDF.
  • Track a usage through a network request triggered by the remote theme set by workspace.

Markdown preview (provided by VS Code) has already a security layer, but extended features by Marp are not. We have not adopted a potentially dangerous feature even if wanted by several users (such as #123).

VS Code team is working for the trusted workspace, the security mechanism for preventing malicious workspace. Marp should follow it to save users from some maliciouses.

Behavior

If enabled trusted workspace security.workspace.trust.enabled:

  • All of features will work well in the trusted workspace as usual.
  • In untrusted workspace, we will only enable features about basic Markdown preview.

    • markdown.marp.export command will not work. Instead show a prompt for checking workspace trust setting to user.

    • markdown.marp.themes configuration by the workspace will ignore, as same as VS Code's Markdown preview markdown.styles. But accept if configured as user setting.

    • In the untrusted workspace, markdown.marp.enableHtml will be recognized as always false.

    • In quick pick menu, the export command will mark by the shield icon.

@yhatt yhatt marked this pull request as ready for review May 13, 2021 01:36
yhatt added 6 commits May 13, 2021 10:59
@yhatt
Update README.md
8dadb36
@yhatt
Add markdown.marp.enableHtml to restrictedConfigurations
3d631a8
@yhatt
Update README.md
10ac238
@yhatt
Add test case for quick pick
617f1d9
@yhatt
Always prevent HTML setting in untrusted workspace
04668fd 
User setting is still available even if in the untrusted workspace.
Using an inherited HTML setting may have potentially dangerous when
showing Markdown preview in untrusted workspace, so we have to always
prevent HTML whenever the workspace is not trusted.
@yhatt
[ci skip] Update README.md
e9a663c
@yhatt
Copy link
Member Author

yhatt commented May 13, 2021

We are going to merge into v1 working branch instead of main.

@yhatt yhatt changed the base branch from main to v1 May 13, 2021 05:23
@yhatt yhatt merged commit 2ac8361 into v1 May 13, 2021
@yhatt yhatt deleted the workspace-trust branch May 13, 2021 05:23
@yhatt yhatt mentioned this pull request May 15, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@yhatt