Closed sebthom closed 2 weeks ago
angelozerr
commented
2 weeks ago You can remove this marked.js
I did that a long time ago to play with marked.js with the marked.html file.
Indeed I had ported the markdown.js to Java to try to have the same renderer than vscode.
sebthom
commented
2 weeks ago Ok thanks for the info!
angelozerr
commented
2 weeks ago Just to give you some info about this tm4e markdown plugin.
My goal was to have the same renderer than vscode to support hover (in LSP4E for instance). It is the reason why I have translated marked.js in Java because it is used in vscode.
And the nice thing is that markdown code block is managed with TM4E tokenizer, it means that it uses textmate to manage syntax coloration in hover.
I had used this marked Java port in my very old project at https://github.com/angelozerr/typescript.java/blob/8a6759ca825c2b0ae14cb8e09e5ba1778aae24d3/eclipse/ts.eclipse.ide.ui/src/ts/eclipse/ide/ui/utils/HTMLTypeScriptPrinter.java#L86
I know that LSP4E uses highlight.js to manage syntax coloration for code block but IMHO I think it should be better to use TM4E.
sebthom
commented
2 weeks ago This relates to https://github.com/eclipse-tm4e/tm4e/issues/286 right?
angelozerr
commented
2 weeks ago This relates to https://github.com/eclipse-tm4e/tm4e/issues/286 right?
Yes:) I have forgotten that we have already a discussion about that
Fixes https://github.com/eclipse-tm4e/tm4e/security/code-scanning/2
To fix the problem, we need to extend the URL scheme check to include
data:in addition tojavascript:andvbscript:. This will ensure that URLs with potentially harmful schemes are properly sanitized. The best way to fix this without changing existing functionality is to modify the condition on line 878 to also check fordata:schemes.Suggested fixes powered by Copilot Autofix. Review carefully before merging.