You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "allow extension to open URI" dialog truncates the URI and doesn't allow a user to inspect it before approval.
From a security point of view a user may want to inspect the entire URI (that's why the prompt is there in the first place, right?) before allowing VS Code to proceed.
I would expect to be able to hover over the URI, or alternatively provide a button to copy the URI back out for inspection. This specific URI was generated programatically, so a user would have no idea its contents.
Steps to Reproduce:
Click on a vscode URI that will trigger this 'open in URI' dialog.
You can do so in Remote - SSH upon failing to connect to a remote, as a part of the 'diagnose with copilot' flow.
Note that you cannot see the entire URI in the trust dialog. Hovering does not reveal the URI
Does this issue occur when all extensions are disabled?: Yes
The "allow extension to open URI" dialog truncates the URI and doesn't allow a user to inspect it before approval.
From a security point of view a user may want to inspect the entire URI (that's why the prompt is there in the first place, right?) before allowing VS Code to proceed.
I would expect to be able to hover over the URI, or alternatively provide a button to copy the URI back out for inspection. This specific URI was generated programatically, so a user would have no idea its contents.
Steps to Reproduce:
Screen.Recording.2025-01-30.at.3.42.19.PM.mov