New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Markdown Security Policy to allow local HTTP content #46473

merged 1 commit into from Mar 26, 2018


None yet
3 participants
Copy link

anoff commented Mar 24, 2018

fixes #46418

Added another Security Policy option that allows image, media, style and font data to be loaded via (unsafe) http from localhost and Even though Google CSP Evaluator recommends adding object-src to prevent injection I refrained from adding it would deviate from the standard set by the existing policies. Maybe worth updating all of them in one PR?

screen shot 2018-03-24 at 12 37 07

Steps taken to test:

  • ran tests: 3934 passing
  • successful local build for darwin
  • tested new policy that it won't load http:// from www but will load from localhost web server

This comment has been minimized.

Copy link

msftclas commented Mar 24, 2018

CLA assistant check
All CLA requirements met.

@mjbvz mjbvz added this to the March 2018 milestone Mar 26, 2018

@mjbvz mjbvz merged commit e64b9b4 into Microsoft:master Mar 26, 2018

2 of 3 checks passed

continuous-integration/travis-ci/pr The Travis CI build could not complete due to an error
continuous-integration/appveyor/pr AppVeyor build succeeded
license/cla All CLA requirements met.

This comment has been minimized.

Copy link

mjbvz commented Mar 26, 2018

Great! This will be in the insiders build and should go out in VS Code 1.22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment