Fix Trusted Types violation (round #1) #106285
Description
This is part of the TrustedTypes effort (see #103699) and a list of innerHTML usages which we avoid. To compile a list of violations
- run
yarn web --trusted-types - open http://localhost:8080/ in Edge or Chrome
- open console and check for "[Report Only] This document requires 'TrustedHTML' assignment."-messages
Also, there is .vscode/searches/TrustedTypes.code-search which finds all occurences of innerHTML. There are common sources of violation and therefore common fixes
- styling via
style.innerHTML➡️ usetextContentinstead (example c112f84) - clear a node via
node.innerHTML = ''➡️ usedom.ts#clearNodeornode.innerText = '' - building dom nodes ➡️ use
dom.$ordocument.createElementand friends
- abstractTextMateService.js:250 @alexdima
- abstractTree.js:1075 @joaomoreno
- codiconStyles.js:17 @aeschli
- compositePart.js:277 @jrieken
- dirtydiffDecorator.js:1020 @joaomoreno
- explorerView.js:628 @isidorn
- listWidget.js:634 @joaomoreno
- menubar.js:419 @sbatten
- sash.js:35 @joaomoreno
- statusbarColorProvider.js:74 @bpasero
- statusbarPart.js:497 @bpasero
-
viewLayer.js:394@alexdima <-- will not happen, this is part of fine-tuned editor rendering, building dom nodes is not an option - watermark.js:105 @chrmarti
- workbenchThemeService.js:560 @aeschli