-
Notifications
You must be signed in to change notification settings - Fork 27.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prompt users when opening vscode://file/... URIs #95252
Comments
I guess this is a typo, and should say "now"? |
What is the security concern ? Opening a file using vscode can lead to code execution ? |
@softlion Considering the fact that |
This is what happens when you hire a bunch of SJW to write your code. |
Wait, so opening an untrusted directory in vscode can lead to arbitrary code execution on my machine? (by having a malicious .vscode directory) |
Yes, but requires user interaction:
This is possible because VS Code allows to specify a @Tyriar can probably argue more on the design choice. |
How about giving the option to disable this prompt through settings? |
I didn't actually make this fix, I was just one of the endgame masters for the month. Follow #95670 for an answer on the UX side, normally we opt for the safer side though. |
I have a situation where this is forcing me to answer the question twice. I have an internal tool that generates an HTML page shown in Chrome with links similar to the one below. The link points to the line number, column and file that is opened when I click on the link to the code from HTML page that I display through Chrome. Back when I built the tool, I spent a quite a while trying to stop Chrome from prompting me each time I open the file but just learned to live with it. Now that this has been added to VSCode, anytime I try to open an html link from Chrome to VSCode I am prompted once by Chrome and then a second time by VSCode. I wish both programs had an option to allow bypass without confirmation but it now appears that links like |
In order to eliminate security concerns on Windows, VS Code will now ask the user for permission before opening a URI of the form
vscode://file/<path>
.Credits go to Abdel Adim 'smaury' Oisfi of https://www.shielder.it.
The text was updated successfully, but these errors were encountered: