|
11c54624
|
2022-03-22T22:32:52
|
|
Use terser (#3407)
|
|
b53832cd
|
2022-02-23T11:30:35
|
|
Command Line: Add support for command continuation prefix (#3344)
|
|
|
e002e78c
|
2022-02-16T17:35:51
|
|
Command Line: Escape markup in command line output (#3341)
|
|
|
1784b175
|
2022-02-10T18:51:13
|
|
Command Line: Add support for line continuation and improved colors (#3326)
|
|
|
82d0ca15
|
2022-02-02T12:20:48
|
|
Command Line: Added span around command and output (#3312)
|
|
|
c81c3319
|
2021-05-24T14:39:34
|
|
Command Line: Don't modify empty code blocks (#2896)
|
|
|
96335642
|
2021-03-21T17:22:54
|
|
Plugins: Consistent Prism check (#2788)
|
|
|
8c9c2896
|
2020-06-27T20:46:04
|
|
Command Line: Some refactoring (#2290)
|
|
|
e6b2c6fc
|
2020-04-07T21:30:01
|
|
Command Line: Correctly rehighlight elements (#2291)
|
|
c24831b5
|
2019-04-27T11:28:47
|
|
Command line: Fix for uncaught errors for empty 'commandLine' object. (#1862)
This fixes the issue that the Command line plugin throws an error when the 'commandLine' object is not defined/an empty object. This always happens when an element with no text is highlighted.
|
|
|
3e00bb9c
|
2019-03-07T15:22:30
|
|
Rebuilt Prism (#1794)
This is a rebuilt of Prism to update minified files.
|
|
|
9f6e5026
|
2018-11-28T14:23:53
|
|
Fixed class regex for Command Line plugin (#1566)
Fixes #1564 where the plugin would wrongly detect `command-line-prompt`
causing the alignment issue.
|
|
094d5463
|
2018-03-26T02:14:54
|
|
Command Line: Allow specifying output prefix using data-filter-output attribute. (#856)
|
|
17e33bc0
|
2016-11-20T12:52:54
|
|
Reduce risk of XSS (#1051)
* Skip non-own properties of env.attributes
Use `Object.keys` instead of a for-in loop to find optional attributes.
The former only grabs keys that are own properties, the latter also
includes inherit properties from `Object.prototype`.
This reduces the risk of XSS if an attacker somehow manages to
manipulate the prototype chain of the Object prototype.
* Fix root cause of XSS in autolinker plugin #1054
* command-line plugin: Safely encode attributes
If an attacker has control over the values of the attributes
"data-prompt", "data-user", or "data-host", then XSS was possible.
This fixes the issue, by encoding quotes as the `"` entity.
* show-language plugin: innerHTML -> textContent
There is no need for `innerHTML` here. At best nothing happens,
at worst XSS is possible (though the odds are negligible since
the attacker would have to control the detected language).
* toolbar plugin: innerHTML -> textContent
|
|
|
298dca59
|
2015-12-29T19:36:08
|
|
Remove the need for an "output" class.
|
|
a912063c
|
2015-12-30T00:56:38
|
|
Update auto-generated files and minified versions
|