From b6e92023c075ee3f968c940a7daa282715b9f9a7 Mon Sep 17 00:00:00 2001
From: Peter Kiss <peter@yscik.com>
Date: Tue, 26 Jan 2021 17:29:15 +0100
Subject: [PATCH 1/2] Fix html double-encoding

---
 syntaxhighlighter.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/syntaxhighlighter.php b/syntaxhighlighter.php
index 576b7f2..7b8937a 100644
--- a/syntaxhighlighter.php
+++ b/syntaxhighlighter.php
@@ -537,9 +537,8 @@ public function render_block( $attributes, $content ) {
 		$code = preg_replace('/' . get_shortcode_regex() . '/', '[$0]', $code );
 
 		// Undo escaping done by WordPress
-		$code = str_replace( '&lt;', '<', $code );
-		$code = str_replace( '&amp;', '&', $code );
-		$code = preg_replace(  '/^(\s*https?:)&#47;&#47;([^\s<>"]+\s*)$/m', '$1//$2', $code );
+		$code = htmlspecialchars_decode( $code );
+		$code = preg_replace(  '/^(\s*https?:)&#0?47;&#0?47;([^\s<>"]+\s*)$/m', '$1//$2', $code );
 
 		$code = $this->shortcode_callback( $attributes, $code, 'code' );
 

From 84e87972ab6f97c24564221d8f8bfec06083afed Mon Sep 17 00:00:00 2001
From: Peter Kiss <peter@yscik.com>
Date: Tue, 26 Jan 2021 17:29:45 +0100
Subject: [PATCH 2/2] Encode shortcode opening tags

---
 syntaxhighlighter.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/syntaxhighlighter.php b/syntaxhighlighter.php
index 7b8937a..a14806b 100644
--- a/syntaxhighlighter.php
+++ b/syntaxhighlighter.php
@@ -533,9 +533,6 @@ public function render_block( $attributes, $content ) {
 
 		$code = preg_replace( '#<pre [^>]+>([^<]+)?</pre>#', '$1', $content );
 
-		// Escape shortcodes
-		$code = preg_replace('/' . get_shortcode_regex() . '/', '[$0]', $code );
-
 		// Undo escaping done by WordPress
 		$code = htmlspecialchars_decode( $code );
 		$code = preg_replace(  '/^(\s*https?:)&#0?47;&#0?47;([^\s<>"]+\s*)$/m', '$1//$2', $code );
@@ -1330,6 +1327,9 @@ function shortcode_callback( $atts, $code = '', $tag = false ) {
 
 		$code = ( false === strpos( $code, '<' ) && false === strpos( $code, '>' ) && 2 == $this->get_code_format($post) ) ? strip_tags( $code ) : htmlspecialchars( $code );
 
+		// Escape shortcodes
+		$code = preg_replace( '/\[/', '&#91;', $code );
+
 		$params[] = 'notranslate'; // For Google, see http://otto42.com/9k
 
 		$params = apply_filters( 'syntaxhighlighter_cssclasses', $params ); // Use this to add additional CSS classes / SH parameters