Fix Trusted Types violations (round #3)

[jrieken]

Current remaining violations. Compiled this list using yarn tsec-compile-check and the .vscode/searches/TrustedTypes.code-search

Usage of innerHTML

• src/vs/editor/browser/view/domLineBreaksComputer.ts @alexdima
• src/vs/editor/browser/widget/diffEditorWidget.ts @alexdima
• src/vs/editor/standalone/browser/colorizer.ts @alexdima
• xtermjs Avoid innerHTML usages xtermjs/xterm.js#3190, update to latest xterm.js @Tyriar

Worker, use createScriptUrl

• src/vs/base/worker/defaultWorkerFactory.ts @alexdima
• src/vs/workbench/services/extensions/browser/webWorkerExtensionHost.ts @alexdima
• src/vs/workbench/services/extensions/worker/extensionHostWorker.ts @alexdima

Script.text

• src/vs/workbench/contrib/notebook/browser/view/renderers/webviewPreloads.ts @connor4312

[alexdima]

FYI @jrieken : running yarn tsec-compile-check shows much more errors than the ones captured above. This can be easily reproduced using yarn upgrade tsec --latest which I did on my machine and got a newer node module.

[jrieken]

Worker -- I don't know what to do here, we use new Worker()

@alexdima for workers a trusted script url should be enough to fix things

[jrieken]

Since the tsec tool is still over eager with errors and incompatible with latest TS syntax:
ttpatch.diff.txt The patch installs a default trusted types policy and warns whenever that's being used. For this to work need to run the "right code" - which is sometimes tricky.

[connor4312]

sorry for the silly question, this is my first trusted types ping -- what should I do if the usage is intended? In the renderer webview, we intentionally want to insert unsanitized HTML that's rendered for the webview.

[alexdima]

@connor4312 Here are 3 examples of what I had to do when I really had to use .innerHTML:

84cf12f#diff-b41fb33a1ffaa149285201e892f84c51e34e9eda746019cf41e7209972ff3d51

[connor4312]

got it, thanks!