Complex Commands

This document lists the set of Visual Studio Code complex commands. They are called complex commands because they require parameters and often return a value. You can use the commands in conjunction with the executeCommand API.

The following is a sample of how to preview a HTML document:

let uri = Uri.parse('file:///some/path/to/file.html');
let success = await commands.executeCommand('vscode.previewHtml', uri);

Commands

vscode.executeWorkspaceSymbolProvider - Execute all workspace symbol provider.

  • query - Search string
  • (returns) - A promise that resolves to an array of SymbolInformation instances.

vscode.executeDefinitionProvider - Execute all definition provider.

  • uri - Uri of a text document
  • position - Position of a symbol
  • (returns) - A promise that resolves to an array of Location instances.

vscode.executeTypeDefinitionProvider - Execute all type definition providers.

  • uri - Uri of a text document
  • position - Position of a symbol
  • (returns) - A promise that resolves to an array of Location instances.

vscode.executeImplementationProvider - Execute all implementation providers.

  • uri - Uri of a text document
  • position - Position of a symbol
  • (returns) - A promise that resolves to an array of Location instances.

vscode.executeHoverProvider - Execute all hover provider.

  • uri - Uri of a text document
  • position - Position of a symbol
  • (returns) - A promise that resolves to an array of Hover instances.

vscode.executeDocumentHighlights - Execute document highlight provider.

  • uri - Uri of a text document
  • position - Position in a text document
  • (returns) - A promise that resolves to an array of DocumentHighlight instances.

vscode.executeReferenceProvider - Execute reference provider.

  • uri - Uri of a text document
  • position - Position in a text document
  • (returns) - A promise that resolves to an array of Location instances.

vscode.executeDocumentRenameProvider - Execute rename provider.

  • uri - Uri of a text document
  • position - Position in a text document
  • newName - The new symbol name
  • (returns) - A promise that resolves to a WorkspaceEdit.

vscode.executeSignatureHelpProvider - Execute signature help provider.

  • uri - Uri of a text document
  • position - Position in a text document
  • triggerCharacter - (optional) Trigger signature help when the user types the character, like , or (
  • (returns) - A promise that resolves to SignatureHelp.

vscode.executeDocumentSymbolProvider - Execute document symbol provider.

  • uri - Uri of a text document
  • (returns) - A promise that resolves to an array of SymbolInformation instances.

vscode.executeCompletionItemProvider - Execute completion item provider.

  • uri - Uri of a text document
  • position - Position in a text document
  • triggerCharacter - (optional) Trigger completion when the user types the character, like , or (
  • itemResolveCount - (optional) Number of completions to resolve (too large numbers slow down completions)
  • (returns) - A promise that resolves to a CompletionList instance.

vscode.executeCodeActionProvider - Execute code action provider.

  • uri - Uri of a text document
  • range - Range in a text document
  • (returns) - A promise that resolves to an array of Command instances.

vscode.executeCodeLensProvider - Execute CodeLens provider.

  • uri - Uri of a text document
  • itemResolveCount - (optional) Number of lenses that should be resolved and returned. Will only retrun resolved lenses, will impact performance)
  • (returns) - A promise that resolves to an array of CodeLens instances.

vscode.executeFormatDocumentProvider - Execute document format provider.

  • uri - Uri of a text document
  • options - Formatting options
  • (returns) - A promise that resolves to an array of TextEdits.

vscode.executeFormatRangeProvider - Execute range format provider.

  • uri - Uri of a text document
  • range - Range in a text document
  • options - Formatting options
  • (returns) - A promise that resolves to an array of TextEdits.

vscode.executeFormatOnTypeProvider - Execute document format provider.

  • uri - Uri of a text document
  • position - Position in a text document
  • ch - Character that got typed
  • options - Formatting options
  • (returns) - A promise that resolves to an array of TextEdits.

vscode.executeLinkProvider - Execute document link provider.

  • uri - Uri of a text document
  • (returns) - A promise that resolves to an array of DocumentLink instances.

vscode.executeDocumentColorProvider - Execute document color provider.

  • uri - Uri of a text document
  • (returns) - A promise that resolves to an array of ColorInformation objects.

vscode.executeColorPresentationProvider - Execute color presentation provider.

  • color - The color to show and insert
  • context - Context object with uri and range
  • (returns) - A promise that resolves to an array of ColorPresentation objects.

vscode.previewHtml - Render the HTML of the resource in an editor view.

  • uri - Uri of the resource to preview.
  • column - (optional) Column in which to preview.
  • label - (optional) An human readable string that is used as title for the preview.
  • options - (optional) Options for controlling webview environment.

See working with the HTML preview for more information about the HTML preview's integration with the editor and for best practices for extension authors.

vscode.openFolder - Open a folder or workspace in the current window or new window depending on the newWindow argument.

  • uri - (optional) Uri of the folder or workspace file to open. If not provided, a native dialog will ask the user for the folder
  • newWindow - (optional) Whether to open the folder/workspace in a new window or the same. Defaults to opening in the same window.

Note that opening in the same window will shutdown the current extension host process and start a new one on the given folder/workspace unless the newWindow parameter is set to true.

vscode.diff - Opens the provided resources in the diff editor to compare their contents.

  • left - Left-hand side resource of the diff editor
  • right - Right-hand side resource of the diff editor
  • title - (optional) Human readable title for the diff editor
  • options - (optional) Editor options, see vscode.TextDocumentShowOptions

vscode.open - Opens the provided resource in the editor.

  • resource - Resource to open
  • columnOrOptions - (optional) Either the column in which to open or editor options, see vscode.TextDocumentShowOptions

Can be a text or binary file, or a http(s) url. If you need more control over the options for opening a text file, use vscode.window.showTextDocument instead.

vscode.removeFromRecentlyOpened - Removes an entry with the given path from the recently opened list.

  • path - Path to remove from recently opened.

vscode.setEditorLayout - Sets the editor layout.

  • layout - The editor layout to set.

The layout is described as object with an initial (optional) orientation (0 = horizontal, 1 = vertical) and an array of editor groups within. Each editor group can have a size and another array of editor groups that will be laid out orthogonal to the orientation. If editor group sizes are provided, their sum must be 1 to be applied per row or column. Example for a 2x2 grid: { orientation: 0, groups: [{ groups: [{}, {}], size: 0.5 }, { groups: [{}, {}], size: 0.5 }] }

cursorMove - Move cursor to a logical position in the view

  • Cursor move argument object

    Property-value pairs that can be passed through this argument:

    • 'to': A mandatory logical position value providing where to move the cursor.
      'left', 'right', 'up', 'down'
      'wrappedLineStart', 'wrappedLineEnd', 'wrappedLineColumnCenter'
      'wrappedLineFirstNonWhitespaceCharacter', 'wrappedLineLastNonWhitespaceCharacter'
      'viewPortTop', 'viewPortCenter', 'viewPortBottom', 'viewPortIfOutside'
      
    • 'by': Unit to move. Default is computed based on 'to' value.
      'line', 'wrappedLine', 'character', 'halfLine'
      
    • 'value': Number of units to move. Default is '1'.
    • 'select': If 'true' makes the selection. Default is 'false'.

editorScroll - Scroll editor in the given direction

  • Editor scroll argument object

    Property-value pairs that can be passed through this argument:

    • 'to': A mandatory direction value.
      'up', 'down'
      
    • 'by': Unit to move. Default is computed based on 'to' value.
      'line', 'wrappedLine', 'page', 'halfPage'
      
    • 'value': Number of units to move. Default is '1'.
    • 'revealCursor': If 'true' reveals the cursor if it is outside view port.

revealLine - Reveal the given line at the given logical position

  • Reveal line argument object

    Property-value pairs that can be passed through this argument:

    • 'lineNumber': A mandatory line number value.
    • 'at': Logical position at which line has to be revealed .
      'top', 'center', 'bottom'
      

editor.unfold - Unfold the content in the editor

  • Unfold editor argument

    Property-value pairs that can be passed through this argument:

    • 'levels': Number of levels to unfold. If not set, defaults to 1.
    • 'direction': If 'up', unfold given number of levels up otherwise unfolds down.
    • 'selectionLines': The start lines (0-based) of the editor selections to apply the unfold action to. If not set, the active selection(s) will be used.

editor.fold - Fold the content in the editor

  • Fold editor argument

    Property-value pairs that can be passed through this argument:

    • 'levels': Number of levels to fold. Defaults to 1.
    • 'direction': If 'up', folds given number of levels up otherwise folds down.
    • 'selectionLines': The start lines (0-based) of the editor selections to apply the fold action to. If not set, the active selection(s) will be used.

editor.action.showReferences - Show references at a position in a file

  • uri - The text document in which to show references
  • position - The position at which to show
  • locations - An array of locations.

moveActiveEditor - Move the active editor by tabs or groups

  • Active editor move argument

    Argument Properties:

    • 'to': String value providing where to move.
    • 'by': String value providing the unit for move (by tab or by group).
    • 'value': Number value providing how many positions or an absolute position to move.

Working With the HTML Preview

Styling

The body element of the displayed HTML is dynamically annotated with one of the following CSS classes in order to communicate the kind of color theme VS Code is currently using: vscode-light, vscode-dark, or vscode-high-contrast.

Links contained in the document will be handled by VS Code whereby it supports file-resources and virtual resources as well as triggering commands using the command scheme. Use the query part of a command-uri to pass along JSON encoded arguments. Note that URL encoding must be applied.

The snippet below defines a command link that calls the previewHtml command and passes along an URI:

  let href = encodeURI('command:vscode.previewHtml?' + JSON.stringify(someUri));
  let html = '<a href="' + href + '">Show Resource...</a>.';

Security Tips

As an extension author, if you use an HTML preview, you are responsible for protecting users from potentially malicious content. The primary danger is that an attacker could craft a malicious workspace that uses your HTML preview to execute scripts or perform other insecure activities. In addition to normal web security best practices, here are a few specific tips and tricks to help protect users.

Sanitizing Content

As a first line of defense, when constructing an HTML document for the preview, make sure to appropriately sanitize all input that comes from workspace settings or from files on a user's system. For HTML content, consider using a whitelist of safe tags and attributes. Libraries such as sanitize-html can help with this.

Disabling Scripts

If your preview does not need to execute JavaScript, you can further enhance security by disabling script execution entirely. One way to accomplish this is by loading untrusted content inside of an iframe with the sandbox attribute set. In this case, the content would be loaded using the srcdoc attribute:

<iframe sandbox srcdoc="<!DOCTYPE html>..."></iframe>

If your preview still needs to load some local resources such as images, try using sandbox="allow-same-origin" instead:

<iframe sandbox="allow-same-origin" srcdoc="<!DOCTYPE html>..."></iframe>

sandbox="allow-same-origin" disables script execution inside the iframe but allows loading resources from a user's system, such as stylesheets and images. In general, it is best to disable access to local resources unless your preview absolutely needs it.

Using a Content Security Policy

If your preview's functionality depends on scripts, consider disabling scripts that come from untrusted user content using a content security policy. Content security policy allow fine grained control over which resources may be loaded.

For example, here's a content security policy that allows images from anywhere, allows stylesheets from a user's local system, and disables all scripts:

<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src *; style-src 'self'; script-src 'none';">
  <title>...</title>
</head>
<body>
  Content
</body>
</html>

To selectively enable scripts, the best approach for the HTML preview is to use a dynamically generated nonce to whitelist certain trusted scripts:

<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src *; style-src 'self'; script-src 'nonce-123456';">
  <title>...</title>
</head>
<body>
  Content
  <script nonce="123456" src="file:///path/to/extension/my_trusted_script.js"></script>
</body>
</html>