New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for coloring using pygments. #24

Merged
merged 2 commits into from Nov 2, 2016

Conversation

Projects
None yet
3 participants
@ljanyst
Contributor

ljanyst commented Dec 2, 2015

This functionality requires the pygmentize script to be present on the system in a location pointed to by shell's PATH variable.

The user may choose which renderer to use by setting the *renderer* parameter to either :colorize (the default) or :pygments.

*render-code-spans* parameter has been added to determine whether the inline code spans should be colorized according to the language lexing rules specified by the *render-code-spans-lang* parameter. These two replace the *colorize-code-spans-as* parameter, because both renderers
can colorize the inline code spans and pytments does a semi-decent thing even if no lexing rules are speciffied.

Additionally, support for specifying renderer options has been added. This allows the user to fine-tune the output. Ie.

'''c++|linenos=inline

'''

ljanyst added some commits Dec 2, 2015

Add support for coloring using pygments.
This functionality requires the pygmentize script to be present on the
system in a location pointed to by shell's PATH variable.

The user may choose which renderer to use by setting the *renderer*
parameter to either :colorize (the default) or :pygments.

*render-code-spans* parameter has been added to determine whether the
inline code spans should be colorized according to the language lexing
rules specified by the *render-code-spans-lang* parameter. These two
replace the *colorize-code-spans-as* parameter, because both renderers
can colorize the inline code spans and pytments does a semi-decent
thing even if no lexing rules are speciffied.

Additionally, support for specifying renderer options has been added.
This allows the user to fine-tune the output. Ie.

```c++|linenos=inline

```
@kingcons

This comment has been minimized.

kingcons commented Dec 3, 2015

Very cool!

@3b

This comment has been minimized.

Owner

3b commented Jun 29, 2016

Does that do anything to sanitize the input before passing it to a shell (by way of inferior-shell:run)? seems like it could run arbitrary shell code if the param has a ; character.

Even if it does sanitize the input, it would probably be better to use a different interface without that problem. Not sure if using the inferior-shell DSL instead of a string is better in that regard or not. Possibly calling uiop:run-program directly would be best.

Might also be nice to be able to override the command (and command-line) instead of hard-coding for pygmentize on the current PATH.

@3b 3b merged commit 697b77f into 3b:master Nov 2, 2016

@3b

This comment has been minimized.

Owner

3b commented Nov 2, 2016

Looks like it was possible to execute arbitrary shell commands, and also pygments itself has an option to overwrite arbitrary files, so rewrote some of it to try to avoid those problems. Still not sure i'd wan to use it on untrusted input, but hopefully it is a bit safer (not that i have any idea how safe colorize is either).

@3b

This comment has been minimized.

Owner

3b commented Nov 2, 2016

Arbitrary options also seems to allow XSS, so disabled them completely by default for now (issue #29).

@ljanyst ljanyst deleted the ljanyst:pygments branch Dec 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment