Command Line: Escape markup in command line output

[at055612]

Fixes #3340

[github-actions]

JS File Size Changes (gzipped)

A total of 1 files have changed, with a combined diff of +11 B (+1.0%).

file	master	pull	size diff	% diff
plugins/command-line/prism-command-line.min.js	1.13 KB	1.14 KB	+11 B	+1.0%

Generated by 🚫 dangerJS against f99b8e2

[RunDevelopment]

You just found and fixed a security vulnerability that has been in Prism for years. Thank you!

The bug has been introduced in #856, almost 4 years ago, and was first released v1.14.0.

I'll release a new version of make an advisory after merging this PR.

[at055612]

Happy to help.

How do the release tags relate to the js/css downloads on the prism site? The last release was January I think but if I download the css/js from the site now it includes my recent PRs which went in since the Jan release. Is the site based on master?

I think it may be better if the site was built from a tagged release then the version number in the downloaded css/js would always correspond to a fixed point in the code.

[RunDevelopment]

How do the release tags relate to the js/css downloads on the prism site?

Not at all. As you guess, they get everything straight from master.

I think it may be better if the site was built from a tagged release then the version number in the downloaded css/js would always correspond to a fixed point in the code.

I agree, but that's not easy to implement on top of GitHub pages. However, we actually need this for another feature, so it is planned that you will eventually be able to select a specific version on the download page.