Merged
1 change: 1 addition & 0 deletions composer.json
@@ -28,6 +28,7 @@
"drupal/gin": "^4.0.6",
"drupal/gin_toolbar": "^2",
"drupal/google_tag": "^2.0.9",
"drupal/highlight_js": "^1.2",
⚠️ Potential issue | 🟡 Minor

composer.lock must be committed alongside this change.

The PR description acknowledges this is deferred, but shipping without an updated composer.lock means the resolved transitive dependency tree is undefined for all environments. CI may resolve a different constraint than intended, and reproducible builds are broken until the lock file is committed.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@composer.json` at line 31, you added "drupal/highlight_js": "^1.2" to
composer.json but did not update and commit composer.lock; run composer require
drupal/highlight_js:"^1.2" (or composer update drupal/highlight_js) to
regenerate composer.lock, verify the resolved versions and tests, then commit
and push the updated composer.lock alongside the composer.json change so the
transitive dependency tree is pinned for CI and reproducible builds.

"drupal/lagoon_logs": "^3.0.1",
"drupal/metatag": "^2.2",
"drupal/pathauto": "^1.14",
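Review bot: the lock-file concern raised above appears to be addressed in this same PR, since composer.lock is part of the diff (54 changes: 53 additions & 1 deletion); what remains to check is that the lock entry resolved for `"drupal/highlight_js": "^1.2"` is a 1.2.x release from the Drupal packagist and that the lock's `content-hash` was regenerated by Composer rather than hand-edited, otherwise `composer install` will warn that the lock is out of date with composer.json.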
54 changes: 53 additions & 1 deletion composer.lock
1 change: 1 addition & 0 deletions config/default/core.extension.yml
@@ -47,6 +47,7 @@ module:
gin_toolbar: 0
google_tag: 0
help: 0
highlight_js: 0
history: 0
image: 0
image_captcha: 0
3 changes: 3 additions & 0 deletions config/default/editor.editor.civictheme_rich_text.yml
@@ -6,6 +6,7 @@ dependencies:
- filter.format.civictheme_rich_text
module:
- ckeditor5
- highlight_js
_core:
default_config_hash: SztHd9Hrw3-1EuKex-O6V-Kc5EpxLGsSam2HEDXSgDM
format: civictheme_rich_text
@@ -40,6 +41,8 @@ settings:
- subscript
- '|'
- sourceEditing
- '|'
- highlightJs
plugins:
ckeditor5_alignment:
enabled_alignments:
9 changes: 8 additions & 1 deletion config/default/filter.format.civictheme_rich_text.yml
@@ -6,6 +6,7 @@ dependencies:
- core.entity_view_mode.media.embedded
module:
- editor
- highlight_js
- linkit
- media
_core:
@@ -44,7 +45,7 @@ filters:
status: true
weight: -50
settings:
allowed_html: '<br> <p class="ct-text-large ct-text-small text-align-left text-align-center text-align-right"> <h2 id class> <h3 id class="text-align-left text-align-center text-align-right"> <h4 id class="text-align-left text-align-center text-align-right"> <h5 id class="text-align-left text-align-center text-align-right"> <h6 id class="text-align-left text-align-center text-align-right"> <a class="ct-button ct-theme-light ct-theme-dark ct-button--primary ct-button--regular ct-button--secondary ct-button--large" hreflang target title href data-entity-type data-entity-uuid data-entity-substitution> <table class="ct-theme-light ct-theme-dark ct-table ct-table--striped"> <cite> <dl> <dt> <dd> <img src alt data-entity-type data-entity-uuid> <drupal-entity alt title data-entity-type data-entity-uuid data-entity-embed-display data-entity-embed-display-settings data-align data-caption data-embed-button> <span class="ct-visually-hidden"> <svg role viewBox aria-hidden width height class="ct-icon"> <path d> <blockquote cite> <drupal-media title data-entity-type data-entity-uuid alt data-caption data-align> <strong> <em> <u> <code class="language-*"> <pre class="text-align-left text-align-center text-align-right"> <s> <sub> <sup> <ul type> <ol type start> <li> <tr> <td rowspan colspan> <th rowspan colspan> <thead> <tbody> <tfoot> <caption>'
allowed_html: '<br> <p class="ct-text-large ct-text-small text-align-left text-align-center text-align-right"> <h2 id class> <h3 id class="text-align-left text-align-center text-align-right"> <h4 id class="text-align-left text-align-center text-align-right"> <h5 id class="text-align-left text-align-center text-align-right"> <h6 id class="text-align-left text-align-center text-align-right"> <a class="ct-button ct-theme-light ct-theme-dark ct-button--primary ct-button--regular ct-button--secondary ct-button--large" hreflang target title href data-entity-type data-entity-uuid data-entity-substitution> <table class="ct-theme-light ct-theme-dark ct-table ct-table--striped"> <cite> <dl> <dt> <dd> <img src alt data-entity-type data-entity-uuid> <drupal-entity alt title data-entity-type data-entity-uuid data-entity-embed-display data-entity-embed-display-settings data-align data-caption data-embed-button> <span class="ct-visually-hidden"> <svg role viewBox aria-hidden width height class="ct-icon"> <path d> <blockquote cite> <drupal-media title data-entity-type data-entity-uuid alt data-caption data-align> <strong> <em> <u> <code class="language-*"> <pre class="text-align-left text-align-center text-align-right"> <s> <sub> <sup> <ul type> <ol type start> <li> <tr> <td rowspan colspan> <th rowspan colspan> <thead> <tbody> <tfoot> <caption> <highlight-js data-plugin-config data-plugin-id>'
filter_html_help: true
filter_html_nofollow: false
filter_html_escape:
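Review bot: `<highlight-js data-plugin-config data-plugin-id>` is added to allowed_html with unrestricted attribute values; filter_html (weight -50 in this hunk) only checks tag and attribute names, so whatever an editor puts into `data-plugin-config` reaches the highlight_js filter (weight -40, added further down in this file) unchanged. Confirm that filter decodes the attribute as data (JSON or similar) and validates it against known plugin options rather than echoing it into markup or script, and that `data-plugin-id` is matched against the plugin ids the module actually defines.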
@@ -72,6 +73,12 @@ filters:
weight: -44
settings:
filter_url_length: 72
highlight_js:
id: highlight_js
provider: highlight_js
status: true
weight: -40
settings: { }
linkit:
id: linkit
provider: linkit
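Review bot: the new highlight_js filter runs at weight -40, after filter_html (-50) and filter_url (-44), so any markup it emits for a `<highlight-js>` element is never re-checked against allowed_html. That ordering is only safe if the filter escapes the code body itself; worth a quick check that it renders the snippet as text inside `<pre><code class="language-*">` (tags already on the allowed list) and does not pass through HTML nested inside the element. An empty `settings: { }` is fine here but, for consistency with the YAML lint findings above, `{}` is the form yamllint accepts.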
12 changes: 12 additions & 0 deletions config/default/highlight_js.settings.yml
@@ -0,0 +1,12 @@
copy_enable: true
copy_bg_transparent: false
copy_bg_color: '#4243b1'
copy_txt_color: '#ffffff'
copy_btn_text: ''
copy_success_text: ''
success_txt_color: '#ffffff'
role_copy_access: { }
languages: { }
Comment on lines +8 to +9
⚠️ Potential issue | 🟡 Minor

Fix YAML lint: too many spaces inside empty braces on both lines.

YAMLlint flags both role_copy_access and languages values.

🔧 Proposed fix
-role_copy_access: {  }
-languages: {  }
+role_copy_access: {}
+languages: {}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
role_copy_access: { }
languages: { }
role_copy_access: {}
languages: {}
🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 8-8: too many spaces inside empty braces

(braces)


[error] 9-9: too many spaces inside empty braces

(braces)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@config/default/highlight_js.settings.yml` around lines 8 - 9, YAML lint error
comes from extra spaces inside the empty-map braces for the keys
role_copy_access and languages; fix by replacing the current values "{  }" with
compact empty-map "{}" for both role_copy_access and languages so they are valid
YAML empty mappings.

theme: github
success_bg_transparent: false
success_bg_color: '#4243b1'
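Review bot: `languages: { }` is left empty while Gherkin support is bolted on separately through do_base/highlight_js.gherkin and a library_info_alter hook; if the module's `languages` setting is its intended place for extra language packs, declaring gherkin there would keep the configuration in one exported file and remove the need for the custom hook. `role_copy_access: { }` also deserves an explicit decision: depending on how the module interprets an empty set, the copy button is shown to no roles or to every role, and this file is exported site-wide.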
2 changes: 1 addition & 1 deletion config/default/seckit.settings.yml
@@ -8,7 +8,7 @@ seckit_xss:
default-src: "'self'"
script-src: "'self' https://www.googletagmanager.com https://www.gstatic.com https://www.recaptcha.net https://www.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js"
object-src: "'none'"
style-src: "'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/css/tabby-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.css https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css"
style-src: "'self' https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/css/tabby-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.css https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css"
img-src: "'self' data:"
media-src: "'self'"
frame-src: "'self' https://www.youtube.com https://www.recaptcha.net https://www.google.com"
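Review bot: the added style-src source `https://cdnjs.cloudflare.com/ajax/libs/highlight.js/` is an unversioned path prefix, whereas the other cdnjs entries on the same line pin a release (codemirror/5.65.12, select2/4.0.13) and do_base.libraries.yml pins highlight.js 11.9.0; pin the stylesheet path to the same release (`https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/`) so a new theme build appearing on the CDN is not silently accepted under the existing policy. Note also that script-src already allows the bare `https://cdnjs.cloudflare.com` host, so the highlight.js scripts are covered by a far broader rule than the stylesheet; narrowing that to a versioned path is a worthwhile follow-up, since with `'unsafe-inline'` present the style-src allowlist itself adds little protection.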
2 changes: 1 addition & 1 deletion tests/behat/features/seckit.feature
@@ -17,7 +17,7 @@ Feature: Seckit
And the response header "Content-Security-Policy" should contain the value "media-src 'self'"
And the response header "Content-Security-Policy" should contain the value "report-uri /report-csp-violation"
And the response header "Content-Security-Policy" should contain the value "script-src 'self' https://www.googletagmanager.com https://www.gstatic.com https://www.recaptcha.net https://www.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js;"
And the response header "Content-Security-Policy" should contain the value "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/css/tabby-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.css https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css;"
And the response header "Content-Security-Policy" should contain the value "style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/css/tabby-ui.min.css https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.css https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css;"
⚠️ Potential issue | 🟡 Minor

Order-sensitive substring match may produce false failures on CSP source reordering.

The Behat step `should contain the value "style-src 'self' https://cdnjs... 'unsafe-inline'..."` performs an exact substring match against the full CSP header string. If the seckit module emits the same sources in a different order (e.g., after an upgrade or config re-sort), the test fails even though the security posture is identical.

Consider verifying that seckit's source ordering is stable across upgrades, or note this as a known maintenance point whenever seckit or highlight_js module versions change.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tests/behat/features/seckit.feature` at line 20, the current Behat assertion
in tests/behat/features/seckit.feature does an order-sensitive substring match
for the Content-Security-Policy header (the step that checks "style-src 'self'
... 'unsafe-inline' ..."), which will false-fail if CSP sources are reordered;
modify the test to be order-insensitive by extracting the CSP header value,
isolating the style-src directive (e.g., via regex for "style-src[^;]*"),
splitting it into individual sources/tokens, and asserting that the expected set
of sources (include "'self'", "'unsafe-inline'" and each CDN URL from the
original string) are present (and no unexpected sources if desired) rather than
asserting the entire directive as a single substring. Ensure the change updates
the Behat step implementation used by that feature so future reordering of
sources does not break the test.

And the response header "Strict-Transport-Security" should contain the value "max-age=31536000"
And the response header "Strict-Transport-Security" should contain the value "includeSubDomains"
And the response header "Strict-Transport-Security" should contain the value "preload"
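Review bot: the expectation repeats the full style-src directive from seckit.settings.yml verbatim, so the feature must be edited in lockstep with every CSP change and, as the comment above notes, breaks on any reordering. A step that checks only the source this PR introduces (`should contain the value "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/"`) states the intent of the change and stays valid if seckit reorders sources; the full-directive step can then be dropped, or kept deliberately as a pin on the whole directive, but that choice should be explicit.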
5 changes: 5 additions & 0 deletions web/modules/custom/do_base/do_base.libraries.yml
@@ -0,0 +1,5 @@
highlight_js.gherkin:
js:
https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/gherkin.min.js: { type: external, minified: true }
⚠️ Potential issue | 🟡 Minor

Fix YAML lint: remove extra spaces inside braces.

YAMLlint reports too many spaces inside braces on this line.

🔧 Proposed fix
-    https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/gherkin.min.js: { type: external, minified: true }
+    https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/gherkin.min.js: {type: external, minified: true}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/gherkin.min.js: { type: external, minified: true }
https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/gherkin.min.js: {type: external, minified: true}
🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 3-3: too many spaces inside braces

(braces)


[error] 3-3: too many spaces inside braces

(braces)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@web/modules/custom/do_base/do_base.libraries.yml` at line 3, the YAML lint
error comes from extra spaces inside the inline mapping braces on the external
asset line; edit the mapping for the URL
"https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/gherkin.min.js"
and remove the spaces immediately after '{' and before '}' so the options read
"{type: external, minified: true}" instead of "{ type: external, minified: true
}".

dependencies:
- highlight_js/highlight_js.js
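Review bot: the Gherkin language pack is loaded from cdnjs as `type: external` with the version pinned in the URL (11.9.0), which is good, but without a subresource-integrity hash; Drupal library definitions accept per-asset `attributes`, so adding `attributes: { integrity: 'sha384-<hash of the published gherkin.min.js>', crossorigin: anonymous }` to this entry makes the browser refuse a modified file at the CDN instead of executing it (the hash must be computed from the exact published file; the value here is a placeholder). The `dependencies` entry on `highlight_js/highlight_js.js` correctly forces the core bundle to load before the language pack calls into it.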
27 changes: 27 additions & 0 deletions web/modules/custom/do_base/src/Hook/LibraryInfoAlterHook.php
@@ -0,0 +1,27 @@
<?php

declare(strict_types=1);

namespace Drupal\do_base\Hook;

use Drupal\Core\Hook\Attribute\Hook;

/**
* Library info alter hooks for do_base module.
*/
final class LibraryInfoAlterHook {

/**
* Implements hook_library_info_alter().
*
* Attaches Gherkin language support whenever Highlight.js is loaded.
* The CDN common bundle does not include Gherkin, so we load it separately.
*/
#[Hook('library_info_alter')]
public function alter(array &$libraries, string $extension): void {
if ($extension === 'highlight_js' && isset($libraries['highlight_js.custom'])) {
$libraries['highlight_js.custom']['dependencies'][] = 'do_base/highlight_js.gherkin';
}
}

}
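Review bot: the docblock promises Gherkin is attached "whenever Highlight.js is loaded", but the alter only extends `highlight_js.custom`; a page that attaches `highlight_js/highlight_js.js` directly would not get the language pack. Attaching to `highlight_js.js` itself is not an option, because `do_base/highlight_js.gherkin` depends on it and would form a dependency cycle, so targeting `highlight_js.custom` is the right call; update the comment to say so, and note that the `isset()` guard means an upstream rename of that library silently drops Gherkin support, which a kernel test on the altered library definition (or a log message in an else branch) would surface.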