allow linking to downloadable data: URIs from notifications
Created by: sqs
This makes it possible for extensions to show notifications with messages that contain a link that, when clicked, will download a file in the user's browser. To do this, the extension would call

```typescript
sourcegraph.app.activeWindow.showMessage(
  '<a href="data:text/plain,foo" download="bar.txt">Download</a>',
  ...
)
```
This will be used by an extension that allows users to export the search results as CSV (https://github.com/sourcegraph/sourcegraph-search-export).
SECURITY: Previously, `<a href>` `data:` URIs and the `<a download>` attribute were removed by the Markdown sanitizer. This commit allows those (if an option `allowDataUriDownloads` is set), and the NotificationItem sets `allowDataUriDownloads` to true. Any relaxation of HTML sanitization should be examined carefully for risk. In this case, there is no additional risk because this relaxation only allows a link to be displayed that triggers a download. An extension could already effectively call `window.open` or print a normal `https:` link to another cross-domain page that could immediately trigger the same download upon page load.
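As an added example (not Sourcegraph's code, and not the sanitizer this commit modifies), here is a minimal allowlist sanitizer in JavaScript with an `allowDataUriDownloads` option that reproduces the before/after behaviour the description sketches: by default a `data:` href and the `download` attribute are stripped, and a notification renderer that opts in keeps them. The tag allowlist, the helper names (`sanitizeHtml`, `sanitizeNotificationMessage`, `hrefAllowed`) and the extra rule that a `data:` href survives only when the same anchor carries `download` are assumptions of this example. It also shows why `javascript:` hrefs and event-handler attributes stay blocked no matter what the option is set to.

```javascript
// Added example (not Sourcegraph's code): a minimal allowlist HTML sanitizer
// with an allowDataUriDownloads option, mirroring the policy described in
// the commit message. The tag list, the helper names and the rule that a
// data: href is only kept when the same <a> carries a download attribute are
// assumptions made for this example.

const ALLOWED_TAGS = new Set(['a', 'b', 'i', 'em', 'strong', 'code', 'p', 'br']);
// Elements whose text content must be dropped as well, not just the tag.
const DROP_WITH_CONTENT = new Set(['script', 'style']);
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// One regex per tag, tolerant of quoted attribute values that contain '>'.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s"'>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?)*)\s*\/?>/g;
const ATTR_RE = /([^\s"'>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

// Escape text and attribute values; existing entities are left alone.
function escapeHtml(s) {
  return s
    .replace(/&(?![a-zA-Z][a-zA-Z0-9]*;|#[0-9]+;|#x[0-9a-fA-F]+;)/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

function parseAttrs(raw) {
  const attrs = [];
  let m;
  ATTR_RE.lastIndex = 0;
  while ((m = ATTR_RE.exec(raw)) !== null) {
    attrs.push({ name: m[1].toLowerCase(), value: m[2] ?? m[3] ?? m[4] ?? '' });
  }
  return attrs;
}

// Decide whether an href may survive. The WHATWG URL parser is used so that
// leading whitespace or embedded newlines ("java\nscript:") are normalised
// the same way a browser would normalise them before following the link.
function hrefAllowed(href, hasDownload, opts) {
  let url;
  try {
    url = new URL(href, 'https://example.invalid/'); // base only matters for relative links
  } catch {
    return false;
  }
  if (SAFE_SCHEMES.has(url.protocol)) return true;
  // data: is acceptable only as a download target: with the download attribute
  // the browser saves the bytes instead of rendering them as a document.
  return url.protocol === 'data:' && hasDownload && opts.allowDataUriDownloads === true;
}

function renderAttrs(tag, attrs, opts) {
  let out = '';
  const hasDownload = attrs.some((a) => a.name === 'download');
  for (const { name, value } of attrs) {
    if (name === 'title') {
      out += ` title="${escapeHtml(value)}"`;
    } else if (tag === 'a' && name === 'href') {
      if (hrefAllowed(value, hasDownload, opts)) out += ` href="${escapeHtml(value)}"`;
    } else if (tag === 'a' && name === 'download') {
      if (opts.allowDataUriDownloads === true) out += ` download="${escapeHtml(value)}"`;
    }
    // Everything else (on* handlers, style, target, ...) is dropped.
  }
  return out;
}

function sanitizeHtml(html, opts = {}) {
  let out = '';
  let last = 0;
  let skipping = null; // name of a script/style element whose content is being dropped
  let m;
  TAG_RE.lastIndex = 0;
  while ((m = TAG_RE.exec(html)) !== null) {
    const text = html.slice(last, m.index);
    last = TAG_RE.lastIndex;
    const [, closing, rawName, rawAttrs] = m;
    const tag = rawName.toLowerCase();
    if (skipping !== null) {
      if (closing && tag === skipping) skipping = null;
      continue; // content of <script>/<style> is discarded
    }
    out += escapeHtml(text);
    if (DROP_WITH_CONTENT.has(tag)) {
      if (!closing) skipping = tag;
      continue;
    }
    if (!ALLOWED_TAGS.has(tag)) continue; // unknown tag removed, its text kept
    out += closing ? `</${tag}>` : `<${tag}${renderAttrs(tag, parseAttrs(rawAttrs), opts)}>`;
  }
  if (skipping === null) out += escapeHtml(html.slice(last));
  return out;
}

// The notification renderer opts in, as the commit describes; Markdown
// rendered elsewhere keeps the default and still strips data: and download.
function sanitizeNotificationMessage(html) {
  return sanitizeHtml(html, { allowDataUriDownloads: true });
}
```

The scheme check deliberately goes through the URL parser rather than a string prefix test, so an href such as `" java\nscript:alert(1)"` is classified as `javascript:` (and dropped) exactly as the browser would classify it; the option only widens the policy for `data:` hrefs that are paired with `download`, which is the one case the commit message argues is no riskier than an ordinary cross-domain link.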