Aaron-Junker
commented
8 months ago We do this for security reasons. However the user should be informed of this like in the Previewer.
Open Legend-Master opened 8 months ago
Aaron-Junker
commented
8 months ago We do this for security reasons. However the user should be informed of this like in the Previewer.
htcfreek
commented
8 months ago We should add an information about the disabled JavaScript when previewing HTML files too. Because the html file might behave broken without JavaScript.
Legend-Master
commented
8 months ago Is it possible to just allow local images and videos? This alone shouldn't cause any security problems I think
Aaron-Junker
commented
8 months ago Is it possible to just allow local images and videos? This alone shouldn't cause any security problems I think
I would like to disagree. The security concern for other local images is not really there, but imagine the following scenario:
That's why I don't think enabling this would be a good idea.
Legend-Master
commented
8 months ago A remote resource would be a problem, so I asked if allowing just the local images would be possible, as a lot of readme files contain path reference images
If we we can't separate local resources from the remote ones, I agree disable this entirely would be the right choice
Welding-Torch
commented
8 months ago Would be great if a way to fix this was found.
Maybe you can try sending the request to get the image/video data through the default browser (like Chrome)? That way the security of it is handled by Chrome and the previewer gets to show the media.
Microsoft PowerToys version
0.79.0
Installation method
GitHub
Running as admin
Yes
Area(s) with issue?
Peek
Steps to reproduce
Use Peek to open a markdown file that contains an image
✔️ Expected Behavior
Chromium (local links)
Visual Studio Code (remote links)
❌ Actual Behavior
Chromium (local links)
Visual Studio Code (remote links)
Other Software
No response