search

11ty / eleventy-plugin-syntaxhighlight

A pack of Eleventy plugins for syntax highlighting in Markdown, Liquid, and Nunjucks templates.
https://www.11ty.dev/docs/plugins/syntaxhighlight/
MIT License
130 stars 32 forks source link

Characters are not escaped when a code block's language is set to `text` #54

Closed AleksandrHovhannisyan closed 2 years ago

AleksandrHovhannisyan commented 3 years ago

Problem

When using fenced code blocks like this:

```text
some plain text code in here

The plain-text code is not properly escaped. So if it has `<` or `>`, those get rendered as _literal tags_ and start throwing all kinds of HTML validation errors (this is currently affecting multiple pages on my site).

### Steps to reproduce

1. Create a basic 11ty site with this plugin installed.
2. Create a markdown post with this code block:

This <is> some text.


3. Observe that the rendered source has unescaped characters.

Example:

![image](https://user-images.githubusercontent.com/19352442/124186336-2ec5f780-da8a-11eb-8d21-ab6fab8fb61c.png)

### Question

Is this not how I should be using the `text` language? I can render fenced code blocks without specifying any language, but then I don't get any classes on the rendered `pre`/`code` or any nested spans. I was under the impression that `text` should still escape characters.
zachleat commented 2 years ago

text is a special escape hatch value in this plugin that opts out of syntax highlighting. If you want normal markdown escaping rules, remove text! See https://github.com/11ty/eleventy-plugin-syntaxhighlight/blob/24f62120c4a8af92cd9daa797586d02ac9b9b8c0/src/markdownSyntaxHighlightOptions.js#L20

This some text.

zachleat commented 2 years ago

As @svivian notes in #36 removing text also removes the styling but you can add a default class a la https://github.com/11ty/eleventy-plugin-syntaxhighlight/issues/66#issuecomment-1169032604