<code>
elements with newlines in the text
which use CSS to specify white-space:pre
will have the newlines
improperly stripped if the element is not attached to the document at the time
the stripping is done. Also, on IE 6, all newlines will be stripped from
<code>
elements because of the way IE6 produces
innerHTML
. Workaround: use <pre>
for code with
newlines.
prettyPrintOne
was not halting. This was not
reachable through the normal entry point.
is no longer applicable.Caveats: please properly escape less-thans. x<y instead of x<y, and use " instead of " for string delimiters.
lang-<language-file-extension>
'''string'''
/
in regex [charsets] should not end regex
nocode
spans to allow embedding of line
numbers and code annotations which should not be styled or otherwise
affect the tokenization of prettified code.
See the issue 22
testcase.
<code>
blocks with embedded newlines.
 
instead of
so that the output works when embedded in XML.
Bug
108.prettyPrintOne
injects the HTML
passed to it into a <pre>
element.
If the HTML comes from a trusted source, this may allow XSS.
Do not do this. This should not be a problem for existing apps
since the standard usage is to rewrite the HTML and then inject
it, so anyone doing that with untrusted HTML already has an XSS
vulnerability. If you sanitize and prettify HTML from an
untrusted source, sanitize first.