@@ -9,7 +9,6 @@ vsc-extension-quickstart.md
 ## Modules
 node_modules/**
 !node_modules/fsevents/**
-!node_modules/jsdom/**
 
 ## TypeScript
 **/tsconfig.json

@@ -31,7 +31,7 @@
 "package": "./scripts/package.sh",
 "storybook": "yarn --cwd web-app storybook",
 "test": "jest",
-"esbuild-base": "esbuild ./src/extension.ts --bundle --outfile=build/extension.js --external:vscode --external:fsevents --external:jsdom --format=cjs --platform=node",
+"esbuild-base": "esbuild ./src/extension.ts --bundle --outfile=build/extension.js --external:vscode --external:fsevents --format=cjs --platform=node",
 "esbuild": "npm run esbuild-base -- --sourcemap",
 "esbuild-watch": "npm run esbuild-base -- --sourcemap --watch",
 "test-compile": "tsc -watch -p ./"
@@ -42,7 +42,6 @@
 "eslint": "7.32.0",
 "git-url-parse": "11.6.0",
 "jest": "27.3.1",
-"jsdom": "18.1.1",
 "node-fetch": "2.6.6",
 "semver": "7.3.5",
 "ts-jest": "27.0.7",

@@ -1,4 +1,3 @@
-import { JSDOM } from 'jsdom'
 import * as path from 'path'
 import * as vscode from 'vscode'
 import { asyncReadFile } from '../node'
@@ -14,39 +13,64 @@ const getNonce = (): string => {
 return text
 }
 
+/**
+* render
+* configures the index.html into a webview panel
+*
+* React + webpack generate a number of files that are injected on build time
+* and must be accommodated for the webview using a vscode:// path.
+*
+* Modified paths include
+* - /static/js/x.chunk.js
+* - /static/js/main.chunk.js
+* - runtime-main.js
+* - /static/css/x.chunk.css
+* - /static/css/main.chunk.css
+*
+* This function also:
+* - modifies the base href of the index.html to be the root of the workspace
+* - manages the CSP policy for all the loaded files
+*/
 async function render(panel: vscode.WebviewPanel, rootPath: string): Promise<void> {
+// generate vscode-resource build path uri
+const createUri = (_filePath: string): any => {
+const filePath = (_filePath.startsWith('vscode') ? _filePath.substr(16) : _filePath).replace('///', '\\')
+
+// @ts-ignore
+return panel.webview.asWebviewUri(vscode.Uri.file(path.join(rootPath, filePath)))
+}
+
 try {
 // load copied index.html from web app build
-const dom = await JSDOM.fromFile(path.join(rootPath, 'index.html'))
-const { document } = dom.window
+let html = await asyncReadFile(path.join(rootPath, 'index.html'), 'utf8')
 
-// set base href
-const base: HTMLBaseElement = document.createElement('base')
-base.href = `${vscode.Uri.file(path.join(rootPath, 'build')).with({ scheme: 'vscode-resource' })}`
-
-document.head.appendChild(base)
+// set base href at top of <head>
+const baseHref = `${vscode.Uri.file(path.join(rootPath, 'build')).with({ scheme: 'vscode-resource' })}`
+html = html.replace('<head>', `<head><base href="${baseHref}" />`)
 
 // used for CSP
 const nonces: string[] = []
 const hashes: string[] = []
 
-// generate vscode-resource build path uri
-const createUri = (_filePath: string): any => {
-const filePath = (_filePath.startsWith('vscode') ? _filePath.substr(16) : _filePath).replace('///', '\\')
-
-// @ts-ignore
-return panel.webview.asWebviewUri(vscode.Uri.file(path.join(rootPath, filePath)))
+// fix paths for react static scripts to use vscode-resource paths
+var jsBundleChunkRegex = /\/static\/js\/[\d].[^"]*\.js/g
+var jsBundleChunk: RegExpExecArray | null = jsBundleChunkRegex.exec(html)
+if (jsBundleChunk) {
+const nonce: string = getNonce()
+nonces.push(nonce)
+const src = createUri(jsBundleChunk[0])
+// replace script src, add nonce
+html = html.replace(jsBundleChunk[0], `${src}" nonce="${nonce}`)
 }
 
-// fix paths for scripts
-const scripts: HTMLScriptElement[] = Array.from(document.getElementsByTagName('script'))
-for (const script of scripts) {
-if (script.src) {
-const nonce: string = getNonce()
-nonces.push(nonce)
-script.nonce = nonce
-script.src = createUri(script.src)
-}
+var mainBundleChunkRegex = /\/static\/js\/main.[^"]*\.js/g
+var mainBundleChunk: RegExpExecArray | null = mainBundleChunkRegex.exec(html)
+if (mainBundleChunk) {
+const nonce: string = getNonce()
+nonces.push(nonce)
+const src = createUri(mainBundleChunk[0])
+// replace script src, add nonce
+html = html.replace(mainBundleChunk[0], `${src}" nonce="${nonce}`)
 }
 
 // support additional CSP exemptions when CodeRoad is embedded
@@ -61,43 +85,45 @@ async function render(panel: vscode.WebviewPanel, rootPath: string): Promise<voi
 }
 }
 
-// add run-time script from webpack
-const runTimeScript = document.createElement('script')
-runTimeScript.nonce = getNonce()
-nonces.push(runTimeScript.nonce)
-
 // note: file cannot be imported or results in esbuild error. Easier to read it.
 let manifest
 try {
 const manifestPath = path.join(rootPath, 'asset-manifest.json')
-console.log(manifestPath)
 const manifestFile = await asyncReadFile(manifestPath, 'utf8')
 manifest = JSON.parse(manifestFile)
 } catch (e) {
 throw new Error('Failed to read manifest file')
 }
 
-runTimeScript.src = createUri(manifest.files['runtime-main.js'])
-document.body.appendChild(runTimeScript)
+// add run-time script from webpack at top of <body>
+const runtimeNonce = getNonce()
+nonces.push(runtimeNonce)
+const runtimeSrc = createUri(manifest.files['runtime-main.js'])
+html = html.replace('<body>', `<body><script src="${runtimeSrc}" nonce="${runtimeNonce}"></script>`)
+
+var cssBundleChunkRegex = /\/static\/css\/[\d].[^"]*\.css/g
+var cssBundleChunk: RegExpExecArray | null = cssBundleChunkRegex.exec(html)
+if (cssBundleChunk) {
+const href = createUri(cssBundleChunk[0])
+// replace script src, add nonce
+html = html.replace(cssBundleChunk[0], href)
+}
 
-// fix paths for links
-const styles: HTMLLinkElement[] = Array.from(document.getElementsByTagName('link'))
-for (const style of styles) {
-if (style.href) {
-style.href = createUri(style.href)
-}
+var mainCssBundleChunkRegex = /\/static\/css\/main.[^"]*\.css/g
+var mainCssBundleChunk: RegExpExecArray | null = mainCssBundleChunkRegex.exec(html)
+if (mainCssBundleChunk) {
+const href = createUri(mainCssBundleChunk[0])
+// replace script src, add nonce
+html = html.replace(mainCssBundleChunk[0], href)
 }
 
 // set CSP (content security policy) to grant permission to local files
 // while blocking unexpected malicious network requests
-const cspMeta: HTMLMetaElement = document.createElement('meta')
-cspMeta.httpEquiv = 'Content-Security-Policy'
-
 const wrapInQuotes = (str: string) => `'${str}'`
 const nonceString = nonces.map((nonce: string) => wrapInQuotes(`nonce-${nonce}`)).join(' ')
 const hashString = hashes.map(wrapInQuotes).join(' ')
 
-cspMeta.content =
+const cspMetaString =
 [
 `default-src 'self'`,
 `manifest-src ${hashString} 'self'`,
@@ -110,10 +136,8 @@ async function render(panel: vscode.WebviewPanel, rootPath: string): Promise<voi
 // @ts-ignore
 `style-src ${panel.webview.cspSource} https: 'self' 'unsafe-inline'`,
 ].join('; ') + ';'
-document.head.appendChild(cspMeta)
-
-// stringify dom
-const html = dom.serialize()
+// add CSP to end of <head>
+html = html.replace('</head>', `<meta http-equiv="Content-Security-Policy" content="${cspMetaString}" /></head>`)
 
 // set view
 panel.webview.html = html

@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
+<!-- INJECT_BASE -->
 <meta charset="utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
 <meta name="theme-color" content="#000000" />
@@ -47,6 +48,7 @@
 }
 }
 </script>
+<!-- INJECT_CSP -->
 </head>
 
 <body>
@@ -68,5 +70,6 @@ <h3 id="coderoad-message">
 To begin the development, run `npm start` or `yarn start`.
 To create a production bundle, use `npm run build` or `yarn build`.
 -->
+<!-- INJECT_SCRIPT -->
 </body>
 </html>