| b69ab31 | | | 1 | /** |
| b69ab31 | | | 2 | * Copyright (c) Meta Platforms, Inc. and affiliates. |
| b69ab31 | | | 3 | * |
| b69ab31 | | | 4 | * This source code is licensed under the MIT license found in the |
| b69ab31 | | | 5 | * LICENSE file in the root directory of this source tree. |
| b69ab31 | | | 6 | */ |
| b69ab31 | | | 7 | |
| b69ab31 | | | 8 | import * as crypto from 'crypto'; |
| b69ab31 | | | 9 | import * as vscode from 'vscode'; |
| b69ab31 | | | 10 | |
| b69ab31 | | | 11 | export const devPort = 3015; |
| b69ab31 | | | 12 | export const devUri = `http://localhost:${devPort}`; |
| b69ab31 | | | 13 | |
| b69ab31 | | | 14 | export function getWebviewOptions( |
| b69ab31 | | | 15 | context: vscode.ExtensionContext, |
| b69ab31 | | | 16 | distFolder: string, |
| b69ab31 | | | 17 | ): vscode.WebviewOptions & vscode.WebviewPanelOptions { |
| b69ab31 | | | 18 | return { |
| b69ab31 | | | 19 | enableScripts: true, |
| b69ab31 | | | 20 | retainContextWhenHidden: true, |
| b69ab31 | | | 21 | // Restrict the webview to only loading content from our extension's output directory. |
| b69ab31 | | | 22 | localResourceRoots: [ |
| b69ab31 | | | 23 | vscode.Uri.joinPath(context.extensionUri, distFolder), |
| b69ab31 | | | 24 | vscode.Uri.parse(devUri), |
| b69ab31 | | | 25 | ], |
| b69ab31 | | | 26 | portMapping: [{webviewPort: devPort, extensionHostPort: devPort}], |
| b69ab31 | | | 27 | }; |
| b69ab31 | | | 28 | } |
| b69ab31 | | | 29 | |
| b69ab31 | | | 30 | /** |
| b69ab31 | | | 31 | * Get any extra styles to inject into the webview. |
| b69ab31 | | | 32 | * Important: this is injected into the HTML directly, and should not |
| b69ab31 | | | 33 | * use any user-controlled data that could be used maliciously. |
| b69ab31 | | | 34 | */ |
| b69ab31 | | | 35 | function getVSCodeCompatibilityStyles(): string { |
| b69ab31 | | | 36 | const globalStyles = new Map(); |
| b69ab31 | | | 37 | |
| b69ab31 | | | 38 | const fontFeatureSettings = vscode.workspace |
| b69ab31 | | | 39 | .getConfiguration('editor') |
| b69ab31 | | | 40 | .get<string | boolean>('fontLigatures'); |
| b69ab31 | | | 41 | const validFontFeaturesRegex = /^[0-9a-zA-Z"',\-_ ]*$/; |
| b69ab31 | | | 42 | if (fontFeatureSettings === true) { |
| b69ab31 | | | 43 | // no need to specify specific additional settings |
| b69ab31 | | | 44 | } else if ( |
| b69ab31 | | | 45 | !fontFeatureSettings || |
| b69ab31 | | | 46 | typeof fontFeatureSettings !== 'string' || |
| b69ab31 | | | 47 | !validFontFeaturesRegex.test(fontFeatureSettings) |
| b69ab31 | | | 48 | ) { |
| b69ab31 | | | 49 | globalStyles.set('font-variant-ligatures', 'none'); |
| b69ab31 | | | 50 | } else { |
| b69ab31 | | | 51 | globalStyles.set('font-feature-settings', fontFeatureSettings); |
| b69ab31 | | | 52 | } |
| b69ab31 | | | 53 | |
| b69ab31 | | | 54 | const tabSizeSettings = vscode.workspace.getConfiguration('editor').get<number>('tabSize'); |
| b69ab31 | | | 55 | if (typeof tabSizeSettings === 'number') { |
| b69ab31 | | | 56 | globalStyles.set('--tab-size', tabSizeSettings); |
| b69ab31 | | | 57 | } |
| b69ab31 | | | 58 | |
| b69ab31 | | | 59 | const globalStylesFlat = Array.from(globalStyles, ([k, v]) => `${k}: ${v};`); |
| b69ab31 | | | 60 | return ` |
| b69ab31 | | | 61 | html { |
| b69ab31 | | | 62 | ${globalStylesFlat.join('\n')}; |
| b69ab31 | | | 63 | }`; |
| b69ab31 | | | 64 | } |
| b69ab31 | | | 65 | |
| b69ab31 | | | 66 | /** |
| b69ab31 | | | 67 | * When built in dev mode using vite, files are not written to disk. |
| b69ab31 | | | 68 | * In order to get files to load, we need to set up the server path ourself. |
| b69ab31 | | | 69 | * |
| b69ab31 | | | 70 | * Note: no CSPs in dev mode. This should not be used in production! |
| b69ab31 | | | 71 | */ |
| b69ab31 | | | 72 | function devModeHtmlForWebview( |
| b69ab31 | | | 73 | /** |
| b69ab31 | | | 74 | * CSS to inject into the HTML in a <style> tag |
| b69ab31 | | | 75 | */ |
| b69ab31 | | | 76 | extraStyles: string, |
| b69ab31 | | | 77 | /** |
| b69ab31 | | | 78 | * javascript to inject into the HTML in a <script> tag |
| b69ab31 | | | 79 | * IMPORTANT: this MUST be sanitized to avoid XSS attacks |
| b69ab31 | | | 80 | */ |
| b69ab31 | | | 81 | initialScript: (nonce: string) => string, |
| b69ab31 | | | 82 | devModeScripts: Array<string>, |
| b69ab31 | | | 83 | rootClass: string, |
| b69ab31 | | | 84 | placeholderHtml?: string, |
| b69ab31 | | | 85 | ) { |
| b69ab31 | | | 86 | return `<!DOCTYPE html> |
| b69ab31 | | | 87 | <html lang="en"> |
| b69ab31 | | | 88 | <head> |
| b69ab31 | | | 89 | <meta charset="UTF-8"> |
| b69ab31 | | | 90 | <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| b69ab31 | | | 91 | <base href="${vscode.Uri.parse(devUri)}"> |
| b69ab31 | | | 92 | |
| b69ab31 | | | 93 | <!-- Hot reloading code from Vite. Normally, vite injects this into the HTML. |
| b69ab31 | | | 94 | But since we have to load this statically, we insert it manually here. |
| b69ab31 | | | 95 | See https://github.com/vitejs/vite/blob/734a9e3a4b9a0824a5ba4a5420f9e1176ce74093/docs/guide/backend-integration.md?plain=1#L50-L56 --> |
| b69ab31 | | | 96 | <script type="module"> |
| b69ab31 | | | 97 | import RefreshRuntime from "/@react-refresh" |
| b69ab31 | | | 98 | RefreshRuntime.injectIntoGlobalHook(window) |
| b69ab31 | | | 99 | window.$RefreshReg$ = () => {} |
| b69ab31 | | | 100 | window.$RefreshSig$ = () => (type) => type |
| b69ab31 | | | 101 | window.__vite_plugin_react_preamble_installed__ = true |
| b69ab31 | | | 102 | </script> |
| b69ab31 | | | 103 | <script type="module" src="/@vite/client"></script> |
| b69ab31 | | | 104 | <style> |
| b69ab31 | | | 105 | ${getVSCodeCompatibilityStyles()} |
| b69ab31 | | | 106 | ${extraStyles} |
| b69ab31 | | | 107 | </style> |
| b69ab31 | | | 108 | ${initialScript('')} |
| b69ab31 | | | 109 | ${devModeScripts.map(script => `<script type="module" src="${script}"></script>`).join('\n')} |
| b69ab31 | | | 110 | </head> |
| b69ab31 | | | 111 | <body> |
| b69ab31 | | | 112 | <div id="root" class="${rootClass}"> |
| b69ab31 | | | 113 | ${placeholderHtml ?? 'loading (dev mode)'} |
| b69ab31 | | | 114 | </div> |
| b69ab31 | | | 115 | </body> |
| b69ab31 | | | 116 | </html>`; |
| b69ab31 | | | 117 | } |
| b69ab31 | | | 118 | |
| b69ab31 | | | 119 | const IS_DEV_BUILD = process.env.NODE_ENV === 'development'; |
| b69ab31 | | | 120 | export function htmlForWebview({ |
| b69ab31 | | | 121 | webview, |
| b69ab31 | | | 122 | context, |
| b69ab31 | | | 123 | extraStyles, |
| b69ab31 | | | 124 | initialScript, |
| b69ab31 | | | 125 | title, |
| b69ab31 | | | 126 | rootClass, |
| b69ab31 | | | 127 | extensionRelativeBase, |
| b69ab31 | | | 128 | entryPointFile, |
| b69ab31 | | | 129 | cssEntryPointFile, |
| b69ab31 | | | 130 | devModeScripts, |
| b69ab31 | | | 131 | placeholderHtml, |
| b69ab31 | | | 132 | }: { |
| b69ab31 | | | 133 | webview: vscode.Webview; |
| b69ab31 | | | 134 | context: vscode.ExtensionContext; |
| b69ab31 | | | 135 | /** |
| b69ab31 | | | 136 | * CSS to inject into the HTML in a <style> tag |
| b69ab31 | | | 137 | */ |
| b69ab31 | | | 138 | extraStyles: string; |
| b69ab31 | | | 139 | /** |
| b69ab31 | | | 140 | * javascript to inject into the HTML in a <script> tag |
| b69ab31 | | | 141 | * IMPORTANT: this MUST be sanitized to avoid XSS attacks |
| b69ab31 | | | 142 | */ |
| b69ab31 | | | 143 | initialScript: (nonce: string) => string; |
| b69ab31 | | | 144 | /** <head>'s <title> of the webview */ |
| b69ab31 | | | 145 | title: string; |
| b69ab31 | | | 146 | /** className to apply to the root <div> */ |
| b69ab31 | | | 147 | rootClass: string; |
| b69ab31 | | | 148 | /** Base directory the webview loads from, where `/` in HTTP requests is relative to */ |
| b69ab31 | | | 149 | extensionRelativeBase: string; |
| b69ab31 | | | 150 | /** Built entry point .js javascript file name to load, relative to extensionRelativeBase */ |
| b69ab31 | | | 151 | entryPointFile: string; |
| b69ab31 | | | 152 | /** Built bundle .css file name to load, relative to extensionRelativeBase */ |
| b69ab31 | | | 153 | cssEntryPointFile: string; |
| b69ab31 | | | 154 | /** Entry point scripts used in dev mode, needed for hot reloading */ |
| b69ab31 | | | 155 | devModeScripts: Array<string>; |
| b69ab31 | | | 156 | /** Placeholder HTML element to show while the webview is loading */ |
| b69ab31 | | | 157 | placeholderHtml?: string; |
| b69ab31 | | | 158 | }) { |
| b69ab31 | | | 159 | // Only allow accessing resources relative to webview dir, |
| b69ab31 | | | 160 | // and make paths relative to here. |
| b69ab31 | | | 161 | const baseUri = webview.asWebviewUri( |
| b69ab31 | | | 162 | vscode.Uri.joinPath(context.extensionUri, extensionRelativeBase), |
| b69ab31 | | | 163 | ); |
| b69ab31 | | | 164 | |
| b69ab31 | | | 165 | if (IS_DEV_BUILD) { |
| b69ab31 | | | 166 | return devModeHtmlForWebview( |
| b69ab31 | | | 167 | extraStyles, |
| b69ab31 | | | 168 | initialScript, |
| b69ab31 | | | 169 | devModeScripts, |
| b69ab31 | | | 170 | rootClass, |
| b69ab31 | | | 171 | placeholderHtml, |
| b69ab31 | | | 172 | ); |
| b69ab31 | | | 173 | } |
| b69ab31 | | | 174 | |
| b69ab31 | | | 175 | const scriptUri = entryPointFile; |
| b69ab31 | | | 176 | |
| b69ab31 | | | 177 | // Use a nonce to only allow specific scripts to be run |
| b69ab31 | | | 178 | const nonce = getNonce(); |
| b69ab31 | | | 179 | |
| b69ab31 | | | 180 | const CSP = [ |
| b69ab31 | | | 181 | `default-src ${webview.cspSource}`, |
| b69ab31 | | | 182 | `style-src ${webview.cspSource} 'unsafe-inline'`, |
| b69ab31 | | | 183 | // vscode-webview-ui needs to use style-src-elem without the nonce |
| b69ab31 | | | 184 | `style-src-elem ${webview.cspSource} 'unsafe-inline'`, |
| b69ab31 | | | 185 | `font-src ${webview.cspSource} data:`, |
| b69ab31 | | | 186 | `img-src ${webview.cspSource} https: data:`, |
| b69ab31 | | | 187 | `script-src ${webview.cspSource} 'nonce-${nonce}' 'wasm-unsafe-eval'`, |
| b69ab31 | | | 188 | `script-src-elem ${webview.cspSource} 'nonce-${nonce}'`, |
| b69ab31 | | | 189 | `worker-src ${webview.cspSource} 'nonce-${nonce}' blob:`, |
| b69ab31 | | | 190 | ].join('; '); |
| b69ab31 | | | 191 | |
| b69ab31 | | | 192 | return `<!DOCTYPE html> |
| b69ab31 | | | 193 | <html lang="en"> |
| b69ab31 | | | 194 | <head> |
| b69ab31 | | | 195 | <meta charset="UTF-8"> |
| b69ab31 | | | 196 | <meta http-equiv="Content-Security-Policy" content="${CSP}"> |
| b69ab31 | | | 197 | <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| b69ab31 | | | 198 | <base href="${baseUri}/"> |
| b69ab31 | | | 199 | <title>${title}</title> |
| b69ab31 | | | 200 | |
| b69ab31 | | | 201 | <link href="${cssEntryPointFile}" rel="stylesheet"> |
| b69ab31 | | | 202 | <link href="res/stylex.css" rel="stylesheet"> |
| b69ab31 | | | 203 | <style> |
| b69ab31 | | | 204 | ${getVSCodeCompatibilityStyles()} |
| b69ab31 | | | 205 | ${extraStyles} |
| b69ab31 | | | 206 | </style> |
| b69ab31 | | | 207 | ${initialScript(nonce)} |
| b69ab31 | | | 208 | <script type="module" defer="defer" nonce="${nonce}" src="${scriptUri}"></script> |
| b69ab31 | | | 209 | </head> |
| b69ab31 | | | 210 | <body> |
| b69ab31 | | | 211 | <div id="root" class="${rootClass}"> |
| b69ab31 | | | 212 | ${placeholderHtml ?? 'loading...'} |
| b69ab31 | | | 213 | </div> |
| b69ab31 | | | 214 | </body> |
| b69ab31 | | | 215 | </html>`; |
| b69ab31 | | | 216 | } |
| b69ab31 | | | 217 | |
| b69ab31 | | | 218 | function getNonce(): string { |
| b69ab31 | | | 219 | return crypto.randomBytes(16).toString('base64'); |
| b69ab31 | | | 220 | } |