See redhat-developer/vscode-java#1926 for reference.
Current options/capabilities under consideration for restriction in an untrusted workspace :
xml.java.home & xml.server.vmargs
- We partly restrict these. It can be set in the workspace, but we detect it and prompt the user for
xml.java.home and restrict javaagent for xml.server.vmargs
xml.server.binary.{path,args,trustedHashes}
- We already restrict these and can't be set by the workspace
xml.validation.resolveExternalEntities
- We don't restrict this at all, so we could do that, and certainly restrict it with workspace trust
- Downloading the XML server binary : should we restrict this entirely when untrusted ?
xml.validation.enabled
- Should this be set to false when a workspace is untrusted ?
See redhat-developer/vscode-java#1926 for reference.
Current options/capabilities under consideration for restriction in an untrusted workspace :
xml.java.home&xml.server.vmargsxml.java.homeand restrict javaagent forxml.server.vmargsxml.server.binary.{path,args,trustedHashes}xml.validation.resolveExternalEntitiesxml.validation.enabled