pipe workspace boolean for opener service validator

[sbatten]

fixes #150828

after trying to implement the proposal I realize that the opener service needs to know validator specific knowledge to execute this flow properly. in order to avoid pollution of knowledge, I went with something like fromUserGesture but fromWorkspace. I adopted it for clicking links in webviews (markdown preview) and editors link detection.

[bpasero]

So when would opening a link not be from the workspace? I am not sure I fully understand when this is true and when this is false, maybe the name is just confusing.

[sbatten]

The case that spawned this change is the sponsor link from the extension description page. That is not from the workspace. I also did not add this for link detection in terminals since they can be created by tooling very easily.

[bpasero]

For editors: is it possible that you open an untrusted file in a trusted workspace and then we wrongly set fromWorkspace? Also, what if the file is outside of the workspace, does it matter?

For webview: I am not entirely sure this covers only the cases we expect it to, so I suggest to let more people review this change, including someone from the editor team and someone from the webview team?

Finally, is the sponsor link considered fromWorkspace or not? And does fromWorkspace bring up a dialog or not?

[sbatten]

For editors: is it possible that you open an untrusted file in a trusted workspace and then we wrongly set fromWorkspace? Also, what if the file is outside of the workspace, does it matter?

Once an untrusted file is brought into the workspace, it can be treated as part of the workspace. This is the current model workspace trust uses. However, it is bleeding that assumption into the opener service's model which is a problem with the change as a whole. Though, the alternative is to remove this feature entirely or associate an source with every open call and have validators figure that out. Though we have exactly 1 validator.

Finally, is the sponsor link considered fromWorkspace or not? And does fromWorkspace bring up a dialog or not?

fromWorkspace is false and will be validated by trusted domains. Whether or not a prompt shows depends on the domain.

[sbatten]

@bpasero had this set to auto merge so it got merged, if you have additional comments, we can revert or make additional changes

[rebornix]

The changes to editor and notebook look safe to me but as @mjbvz pointed out above, setting workspace: "true" is not going to 100% accurate in practice as

• Editor links can be provided by both builtin link detector, and link provider extensions
• Notebook cell output and markdown renderers can come from extensions

In both cases, we don't guarantee that the extensions don't generate on their own. With that said, there is no way to know unless we treat all content from extensions as "non-workspace".