From 895f03e8207029870eeb83cb87ff1409ddd6542f Mon Sep 17 00:00:00 2001
From: Matt Bierner <matb@microsoft.com>
Date: Mon, 6 Jul 2020 16:00:25 -0700
Subject: [PATCH] Encode webview state when injecting it into the webview

Fixes #101321

This should make sure we handle cases where the state string contains special characters, such as `<`
---
 src/vs/workbench/contrib/webview/browser/pre/main.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/vs/workbench/contrib/webview/browser/pre/main.js b/src/vs/workbench/contrib/webview/browser/pre/main.js
index 4ee58ff8c0e32..759d9eff733d8 100644
--- a/src/vs/workbench/contrib/webview/browser/pre/main.js
+++ b/src/vs/workbench/contrib/webview/browser/pre/main.js
@@ -135,13 +135,14 @@
 	 * @return {string}
 	 */
 	function getVsCodeApiScript(allowMultipleAPIAcquire, state) {
+		const encodedState = state ? encodeURIComponent(JSON.stringify(state)) : undefined;
 		return `
 			const acquireVsCodeApi = (function() {
 				const originalPostMessage = window.parent.postMessage.bind(window.parent);
 				const targetOrigin = '*';
 				let acquired = false;
 
-				let state = ${state ? `JSON.parse(${JSON.stringify(state)})` : undefined};
+				let state = ${state ? `JSON.parse(decodeURIComponent("${encodedState}"))` : undefined};
 
 				return () => {
 					if (acquired && !${allowMultipleAPIAcquire}) {