Permalink
Commits on Mar 9, 2017
  1. .npmignore: Unignore components.js (#1108)

    For the trick suggested by @apfelbox in
    #593 (comment)
    to work, we need both of these files to be in the NPM package:
    
    /components.js
    /tests/helper/components.js
    papandreou committed with LeaVerou Mar 9, 2017
Commits on Mar 2, 2017
  1. Run gulp

    Golmote committed Mar 2, 2017
  2. Update Crystal keywords (#1092)

    - Add `select`, `uninitialized` and `__END_LINE__`
    - Remove `ifdef`
    MakeNowJust committed with Golmote Mar 2, 2017
Commits on Feb 13, 2017
  1. Avoid conflict between line-highlight and other plugins

    The line-highlight plugin should not overwrite env.code, because other
    plugins (e.g. normalize-whitespace) might have modified it.
    zeitgeist87 committed Feb 13, 2017
  2. Cleanup left-over line-highlight tags before other plugins run

    The tags used by the line-highlight plugin are appended to the <code>
    tag. This causes problems with the autoloader plugin, because the
    tags contain whitespace and therefore change the content of the <code>
    tag.
    
    This patch fixes the issue #1101, by removing any line-highlight tags
    with the `before-sanity-check` hook.
    zeitgeist87 committed Feb 13, 2017
Commits on Feb 11, 2017
Commits on Feb 10, 2017
Commits on Feb 8, 2017
  1. Remove some trailing commas

    Golmote committed Feb 8, 2017
  2. Add missing greedy config in APL, AutoIt, Dart, Elixir, Erlang, F#, G…

    …o, Haxe, Icon, Inform7, J, Makefile, Mel, Nim, Nix, NSIS, OCaml, Oz, Pari/GP, Parser, Pascal, Perl, Prolog, Pure, Qore, R, Rip, Ruby, Rust, SAS, Scheme, SQL, Stylus, Tcl and Verilog
    Golmote committed Feb 8, 2017
  3. Run gulp

    Golmote committed Feb 8, 2017
  4. fixes #1061 JSX spread operator break (#1094)

    * fixes #1061 JSX spread operator break
    
    * simplify jsx tag regexp
    vkbansal committed with Golmote Feb 8, 2017
Commits on Feb 7, 2017
  1. LOLCODE: Make strings greedy

    Golmote committed Feb 7, 2017
Commits on Jan 28, 2017
  1. Run gulp

    Golmote committed Jan 28, 2017
  2. Add tests for Django

    Golmote committed Jan 28, 2017
  3. Run gulp

    Golmote committed Jan 28, 2017
  4. APL: Update test after #1072

    Golmote committed Jan 28, 2017
  5. Add left shoe underbar and right shoe underbar (#1072)

    They're used by NARS2000, and left shoe underbar will be used by Dyalog APL.
    jayfoad committed with Golmote Jan 28, 2017
Commits on Jan 24, 2017
  1. Initial implementation of manual highlighting (#1087)

    * Initial implementation of manual highlighting
    
    Borrow the `manual` property of whatever already existing Prism instance
    there is.
    
    * Simplify setting of `Prism.manual`
    
    Cleans up the implementation w/ less code.
    mAAdhaTTah committed with LeaVerou Jan 24, 2017
Commits on Jan 18, 2017
Commits on Jan 10, 2017
  1. Run gulp

    Golmote committed Jan 10, 2017
Commits on Dec 5, 2016
  1. Update typescript keywords (#1064)

    * Update TypeScript keyword list
    
    * Add comment with URL to TS spec
    andrewiggins committed with LeaVerou Dec 5, 2016
  2. Set up auto npm publishing

    LeaVerou committed Dec 5, 2016
Commits on Dec 3, 2016
  1. Release 1.6.0

    Golmote committed Dec 3, 2016
  2. Merge branch 'gh-pages' of https://github.com/PrismJS/prism into gh-p…

    …ages
    
    # Conflicts:
    #	components/prism-core.min.js
    Golmote committed Dec 3, 2016
Commits on Nov 20, 2016
  1. Reduce risk of XSS (#1051)

    * Skip non-own properties of env.attributes
    
    Use `Object.keys` instead of a for-in loop to find optional attributes.
    The former only grabs keys that are own properties, the latter also
    includes inherit properties from `Object.prototype`.
    This reduces the risk of XSS if an attacker somehow manages to
    manipulate the prototype chain of the Object prototype.
    
    * Fix root cause of XSS in autolinker plugin #1054
    
    * command-line plugin: Safely encode attributes
    
    If an attacker has control over the values of the attributes
    "data-prompt", "data-user", or "data-host", then XSS was possible.
    This fixes the issue, by encoding quotes as the `&quot;` entity.
    
    * show-language plugin: innerHTML -> textContent
    
    There is no need for `innerHTML` here. At best nothing happens,
    at worst XSS is possible (though the odds are negligible since
    the attacker would have to control the detected language).
    
    * toolbar plugin: innerHTML -> textContent
    Rob--W committed with Golmote Nov 20, 2016
Commits on Nov 19, 2016
  1. Run gulp

    Golmote committed Nov 19, 2016