|
17e33bc0
|
2016-11-20T12:52:54
|
|
Reduce risk of XSS (#1051)
* Skip non-own properties of env.attributes
Use `Object.keys` instead of a for-in loop to find optional attributes.
The former only grabs keys that are own properties, the latter also
includes inherit properties from `Object.prototype`.
This reduces the risk of XSS if an attacker somehow manages to
manipulate the prototype chain of the Object prototype.
* Fix root cause of XSS in autolinker plugin #1054
* command-line plugin: Safely encode attributes
If an attacker has control over the values of the attributes
"data-prompt", "data-user", or "data-host", then XSS was possible.
This fixes the issue, by encoding quotes as the `"` entity.
* show-language plugin: innerHTML -> textContent
There is no need for `innerHTML` here. At best nothing happens,
at worst XSS is possible (though the odds are negligible since
the attacker would have to control the detected language).
* toolbar plugin: innerHTML -> textContent
|
|
07b81ac7
|
2016-11-08T20:08:49
|
|
Plugins: Toolbar & Copy to Clipboard (#891)
* Add prism-toolbar plugin
This plugin exposes a `registerButton` method, which other
plugins can use to add buttons to the toolbar. Comes with
styles.
* Add demo file for toolbar plugin
Registers a "Hello World!" tag with the toolbar.
* Make `toolbar.registerButton` polymorphic
This allows developers to provide either a callback or an object
with a `text` string and an optional `onClick` function to create
a new button.
* Add Toolbar & Copy to Clipboard to components.js
* Add Copy to Clipboard plugin
* Switch `innerHTML` to `textContent`
This ensures additional HTML can't be passed to the toolbar
via the `text` property, ensuring a consistent display for the
buttons.
* Use `call` to bind `this` to the `onClick` method
This provides access to the clicked element, which is what `this`
is usually bound to on event listeners.
* Add hover animation to toolbar
* Add drop shadow to toolbar buttons
* Add `clipboard` to `optionalDependencies`
This will install Clipboard.js when installing from `npm`, but
won't fail the build if the installation of Clipboard.js fails.
* Load Clipboard.js from CDN if not present
* Display plugin code using data-src
* Recompile prism-toolbar
* Update Show Languages to be a Toolbar button
Show Languages now registers a callback with the toolbar
plugin to return an element with the language in it.
* Add basic HTML API & documentation
The Toolbar will now be able to read a `data-label` attribute
and add it to the code snippet.
* Switch a -> button when only providing onClick
Also adds a `url` property which creats an anchor tag and sets
the href. Adds some styles to override the button defaults.
* Add support for data-url to create anchor tag
This allows the HTML API to create links in the Toolbar.
* Update toolbar to allow order controlled via HTML
Uses a data-attribute on the `body` tag to update the order,
should the user choose to do so.
* Allow template element to provide content to label
This provides one of several options a user can implement in order to
get a custom button.
Also fixes some bugs in the documentation.
* Fix bug when combined with the autoloader plugin
The autoloader will rehighlight the element after the language arrives.
This means the complete hook can run multiple times. Without a check,
multiple toolbars can get added to an element.
|
|
5e568330
|
2016-07-19T18:20:18
|
|
Remove unneeded prefixed CSS (#989)
This PR removes
– prefixed `linear-gradient`
– prefixed `box-shadow`
– prefixed `border-radius`
– prefixed `opacity` + legacy IE alternatives
– `-moz-transition` (http://caniuse.com/css-transitions)
|
|
5e62f023
|
2016-07-04T20:13:26
|
|
Add support for Xojo. Fix #898
|
|
9c5ffb5e
|
2016-06-27T01:26:39
|
|
Merge remote-tracking branch 'official/gh-pages' into prism-livescript
Conflicts:
plugins/show-language/prism-show-language.js
plugins/show-language/prism-show-language.min.js
|
|
9cfc8cb2
|
2016-06-18T19:39:36
|
|
Add support for LiveScript
|
|
2607dcd9
|
2016-06-18T14:46:44
|
|
Add support for .properties files
|
|
bfb559bf
|
2016-06-11T01:17:24
|
|
Add support for GraphQL
|
|
f081b905
|
2016-04-29T16:39:46
|
|
Rename proto language into protobuf and add it to components.js
|
|
54400fba
|
2016-02-17T15:26:01
|
|
Add property 'aliasTitles' to components.js
This is necessary, because a language that has a lot of aliases
like markup (HTML, SVG, XML, MathML), is only added to the
languageMap once as "Markup". So any plugin that depends on the
languageMap is limited by that.
This patch allows the definition of additional titles for
languages, depending on the alias that is used.
|
|
3656a085
|
2015-12-30T13:28:00
|
|
Remove unnecessary check for the existence of the addEventListener
method
All target browsers for Prism support this method now. The check
is therefore obsolete.
|
|
d9b351f0
|
2015-12-27T11:03:43
|
|
Use the file-highlight plugin to load the example for the
data-language attribute on the demo page of the show-language
plugin.
There is no need to include a whole copy of logo.svg on the
example page.
|
|
97d0f49a
|
2015-12-26T09:50:23
|
|
Update auto-generated files
|
|
7e74aef4
|
2015-12-12T21:08:15
|
|
Allow custom label without a language mapping.
|
|
eb9a83c2
|
2015-12-17T21:02:26
|
|
The data-language attribute is no longer of any use, so remove it from the code.
It was only applicable when using CSS pseudo elements to show the language name, which is no longer the case.
|
|
804ed779
|
2015-10-16T08:00:50
|
|
Run gulp
|
|
6679e735
|
2015-10-10T16:38:02
|
|
Add support for PARI/GP
|
|
68159d5b
|
2015-10-10T03:57:25
|
|
Add support for AsciiDoc
|
|
6d94e037
|
2015-10-04T21:29:28
|
|
Run gulp
|
|
6268dc04
|
2015-10-02T23:14:44
|
|
Add check for extsting divs, making it reentrant.
|
|
3a346e5e
|
2015-09-30T17:31:15
|
|
Fix the problem of language label scrolling out of view with code by moving the label to a previous sibling of 'pre'.
|
|
69ea994e
|
2015-09-24T09:03:36
|
|
Add support for vim. Closes #777
|
|
e62c88ed
|
2015-09-23T08:41:41
|
|
Add nginx to components, fixed basic highlighting, add a few tests
|
|
3f386732
|
2015-09-17T08:56:50
|
|
Add support for AutoIt. Fix #453
|
|
804b9da0
|
2015-09-11T07:48:58
|
|
Run gulp + removed uneeded array in components
|
|
9c1bdfef
|
2015-09-09T07:59:47
|
|
OCaml: Add comment explaining operators + run gulp
|
|
774da160
|
2015-09-07T08:55:31
|
|
Basic: Optimized operators + try to separate functions from keywords
|
|
7326865b
|
2015-09-07T07:58:17
|
|
MEL: Fix flags + optimized operators
|
|
29a1016e
|
2015-09-06T19:46:53
|
|
Inform 7: Fixed titles, verbs and text substitutions. Renamed variable to type with alias
|
|
90735046
|
2015-09-06T19:02:52
|
|
GLSL: Fix comments
|
|
c4516114
|
2015-09-05T09:48:50
|
|
Elixir is capitalized (2) + fixed example
|
|
801769cc
|
2015-09-05T09:42:40
|
|
Elixir: Merged heredoc with strings, fixed capture, optimized operators and keywords.
|
|
1f45942c
|
2015-09-04T08:58:16
|
|
Add support for APL. Closes #308
|
|
0356c58c
|
2015-09-03T19:09:48
|
|
Apply changes from #754 to all plugins so that none of them throw errors in node.
Autolinker, Show invisibles and WPD can now be used with node.
Removed unused minified CSS file.
Also added missing space between attributes during wrapping.
|
|
08dd500f
|
2015-08-20T19:49:05
|
|
Merge pull request #703 from mooreInteractive/fix-show-language-styles
add reset styles to show-language plugin due to style overwriting for…
|
|
7f21d439
|
2015-08-20T09:52:27
|
|
add reset styles to show-language plugin due to style overwriting form the themes, bug pertained to Coy styles
|
|
39bd8278
|
2015-08-18T19:00:24
|
|
Add gulp task to build languages map in Show language plugin (Fix #671)
|
|
2acd30dc
|
2015-04-17T18:23:37
|
|
Work nicely with line-numbers plugin
Generated content on the `pre` means if the highlighted area needs to scroll, the language will scroll out of view with the code.
But that's better than completely breaking another plugin.
|
|
93fb18a1
|
2015-04-03T00:04:46
|
|
Don't force scrollbars to be shown unnecessarily.
|
|
7cfd29a9
|
2014-05-26T11:20:55
|
|
Rebuild minified files.
|
|
79a7d9a7
|
2014-04-22T16:03:31
|
|
Include owner in components.js, also minified CSS/JS.
|
|
79af7964
|
2014-02-24T22:34:43
|
|
Plugin to show highlighted language, per Issue #1
|