fixes microsoft#100168

joaomoreno · joaomoreno · commit cb29362cc79f · 2020-06-15T10:28:35.000+02:00
diff --git a/extensions/extension-editing/src/extensionLinter.ts b/extensions/extension-editing/src/extensionLinter.ts
@@ -16,6 +16,11 @@ import { languages, workspace, Disposable, TextDocument, Uri, Diagnostic, Range,
 
 const product = JSON.parse(fs.readFileSync(path.join(env.appRoot, 'product.json'), { encoding: 'utf-8' }));
 const allowedBadgeProviders: string[] = (product.extensionAllowedBadgeProviders || []).map((s: string) => s.toLowerCase());
+const allowedBadgeProvidersRegex: RegExp[] = (product.extensionAllowedBadgeProvidersRegex || []).map((r: string) => new RegExp(r));
+
+function isTrustedSVGSource(uri: Uri): boolean {
+	return allowedBadgeProviders.includes(uri.authority.toLowerCase()) || allowedBadgeProvidersRegex.some(r => r.test(uri.toString()));
+}
 
 const httpsRequired = localize('httpsRequired', "Images must use the HTTPS protocol.");
 const svgsNotValid = localize('svgsNotValid', "SVGs are not a valid image source.");
@@ -321,7 +326,7 @@ export class ExtensionLinter {
 			diagnostics.push(new Diagnostic(range, message, DiagnosticSeverity.Warning));
 		}
 
-		if (endsWith(uri.path.toLowerCase(), '.svg') && allowedBadgeProviders.indexOf(uri.authority.toLowerCase()) === -1) {
+		if (endsWith(uri.path.toLowerCase(), '.svg') && !isTrustedSVGSource(uri)) {
 			const range = new Range(document.positionAt(begin), document.positionAt(end));
 			diagnostics.push(new Diagnostic(range, svgsNotValid, DiagnosticSeverity.Warning));
 		}
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "code-oss-dev",
   "version": "1.47.0",
-  "distro": "4eca5644666fe6fde9d765e71d0ca870f3c076a6",
+  "distro": "6ddb25a97095c2b3a88c3e54cbf7c4657c5bdf4d",
   "author": {
     "name": "Microsoft Corporation"
   },
@@ -181,4 +181,4 @@
     "windows-mutex": "0.3.0",
     "windows-process-tree": "0.2.4"
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "code-oss-dev",`
`3`	`3`	`"version": "1.47.0",`
`4`		`- "distro": "4eca5644666fe6fde9d765e71d0ca870f3c076a6",`
	`4`	`+ "distro": "6ddb25a97095c2b3a88c3e54cbf7c4657c5bdf4d",`
`5`	`5`	`"author": {`
`6`	`6`	`"name": "Microsoft Corporation"`
`7`	`7`	`},`
`@@ -181,4 +181,4 @@`
`181`	`181`	`"windows-mutex": "0.3.0",`
`182`	`182`	`"windows-process-tree": "0.2.4"`
`183`	`183`	`}`
`184`		`-}`
	`184`	`+}`