diff --git a/src/vs/code/electron-main/app.ts b/src/vs/code/electron-main/app.ts
index 9d09792a65b..8effa87307f 100644
--- a/src/vs/code/electron-main/app.ts
+++ b/src/vs/code/electron-main/app.ts
@@ -48,6 +48,7 @@ import { isUndefinedOrNull } from "vs/base/common/types";
 import { CodeWindow } from "vs/code/electron-main/window";
 import { isEqual, isParent } from "vs/platform/files/common/files";
 import { KeyboardLayoutMonitor } from "vs/code/electron-main/keyboard";
+import URI from 'vs/base/common/uri';
 
 export class CodeApplication {
 	private toDispose: IDisposable[];
@@ -119,6 +120,23 @@ export class CodeApplication {
 			}
 		});
 
+		const isValidWebviewSource = (source: string) =>
+			!source || (source.toLowerCase() as any).startsWith(URI.file(this.environmentService.appRoot.toLowerCase()).toString());
+
+		app.on('web-contents-created', (event, contents) => {
+			contents.on('will-attach-webview', (event, webPreferences, params) => {
+				delete webPreferences.preload;
+				webPreferences.nodeIntegration = false;
+
+				// Verify URLs being loaded
+				if (isValidWebviewSource(params.src) && isValidWebviewSource(webPreferences.preloadURL)) {
+					return;
+				}
+				// Otherwise prevent loading
+				event.preventDefault();
+			});
+		});
+
 		let macOpenFiles: string[] = [];
 		let runningTimeout: number = null;
 		app.on('open-file', (event: Event, path: string) => {