in src/welcome.ts [135:237]
private getHtmlForWebview(webview: vscode.Webview) {
// Local path to css styles and images
const scriptPathOnDisk = joinPath(this.dataroot, 'welcome.js');
const stylePath = joinPath(this.dataroot, 'welcome.css');
const announcePath = vscode.Uri.joinPath(this.dataroot, 'announce.png');
const gopherPath = joinPath(this.dataroot, 'go-logo-blue.png');
const goExtension = vscode.extensions.getExtension(extensionId)!;
const goExtensionVersion = goExtension.packageJSON.version;
// Uri to load styles and images into webview
const scriptURI = webview.asWebviewUri(scriptPathOnDisk);
const stylesURI = webview.asWebviewUri(stylePath);
const gopherURI = webview.asWebviewUri(gopherPath);
const announceURI = webview.asWebviewUri(announcePath);
// Use a nonce to only allow specific scripts to be run
const nonce = getNonce();
return `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<!--
Use a content security policy to only allow loading images from https or from our extension directory,
and only allow scripts that have a specific nonce.
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src ${webview.cspSource}; img-src ${webview.cspSource} https:; script-src 'nonce-${nonce}';">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="${stylesURI}" rel="stylesheet">
<title>Go for VS Code</title>
</head>
<body>
<main class="Content">
<div class="Header">
<img src="${gopherURI}" alt="Go Logo" class="Header-logo"/>
<div class="Header-details">
<h1 class="Header-title">Go for VS Code v${goExtensionVersion}</h1>
<p>The official Go extension for Visual Studio Code, providing rich language support for Go projects.</p>
<ul class="Header-links">
<!--
Here and elsewhere, we must use a fake anchor for command buttons, to get styling
consistent with links. We can't fake this using CSS, as it conflicts with theming.
-->
<li><a href="#" class="Command" data-command="openDocument" data-document="CHANGELOG.md">Release notes</a></li>
<li><a href="https://github.com/golang/vscode-go">GitHub</a></li>
<li><a href="https://stackoverflow.com/questions/tagged/go+visual-studio-code">Questions</a></li>
<li><a href="https://invite.slack.golangbridge.org/">Slack</a></li>
</ul>
</div>
</div>
<div class="Announcement">
<img src="${announceURI}" alt="announce" class="Announcement-image" />
<p>
New!
We are excited to announce a new
<a href="https://github.com/golang/vscode-go/wiki/features#analyze-vulnerabilities-in-dependencies">code analysis feature</a>
that surfaces known vulnerabilities in your dependencies.
<br>
This vulncheck analyzer is backed by <a href="https://go.dev/security/vulndb">
Go's vulnerability database</a> and the Go language server's integration of
<a href="https://golang.org/x/vuln/cmd/govulncheck"><code>govulncheck</code></a>.
Read <a href="https://go.dev/blog/vuln">"Go's support for vulnerability management"</a>
to learn about the Go team's approach to helping Go developers secure their open-source dependencies.
Please share your feedback at
<a href="https://go.dev/s/vsc-vulncheck-feedback">go.dev/s/vsc-vulncheck-feedback</a>,
and report a bug in
<a href="https://github.com/golang/vscode-go/issues/new">our issue tracker</a>.
</p>
</div>
<div class="Cards">
<div class="Card">
<div class="Card-inner">
<p class="Card-title">Getting started</p>
<p class="Card-content">Learn about the Go extension in our
<a href="https://github.com/golang/vscode-go/blob/master/README.md">README</a>.
</p>
</div>
</div>
<div class="Card">
<div class="Card-inner">
<p class="Card-title">Learning Go</p>
<p class="Card-content">If you're new to the Go programming language,
<a href="https://go.dev/learn">go.dev/learn</a> is a great place to get started.</a>
</p>
</div>
</div>
<div class="Card">
<div class="Card-inner">
<p class="Card-title">Troubleshooting</p>
<p class="Card-content">Experiencing problems? Start with our
<a href="https://github.com/golang/vscode-go/blob/master/docs/troubleshooting.md">troubleshooting guide</a>. </p> </div>
</div>
</div>
</main>
<script nonce="${nonce}" src="${scriptURI}"></script>
</body>
</html>`;
}