Sanitization strips out actual content

[smrq]

The sanitization is a bit overzealous, which can remove real content. Example:

render('```sh\n$ gulp test\n```');

Yields

<pre><code class="lang-sh">$ gulp \n</code></pre>\n

The word "test" is removed because pre-sanitization it looks like...

<pre><code class="lang-sh">$ gulp <span class="hljs-built_in">test</span>\n</code></pre>\n

Note the underscore in the hljs-built_in class, which doesn't match the regexp in the sanitizer.

[rlidwka]

Thanks a lot! Any other characters I missed for highlight-js?

I wish we'd have a highlighter ran after sanitizer, but it isn't currently possible. :(

[smrq]

Not sure, I haven't noticed anything else though.
On Dec 21, 2014 11:48 AM, "Alex Kocharin" notifications@github.com wrote:

Thanks a lot! Any other characters I missed for highlight-js?

I wish we'd have a highlighter ran after sanitizer, but it isn't currently
possible. :(

—
Reply to this email directly or view it on GitHub
#1 (comment).