Quotes in YAML codeblocks can escape and leak onto the page #10726

Closed
1 task
Noxsios opened this issue Apr 8, 2024 · 4 comments · Fixed by #10728
Labels
- P4: important Violate documented behavior or significantly impacts performance (priority) regression

Comments

@Noxsios

Noxsios commented Apr 8, 2024

What version of starlight are you using?

0.21.2

What version of astro are you using?

4.5.12

What package manager are you using?

npm

What operating system are you using?

Linux

What browser are you using?

Brave (Chromium)

Describe the Bug

Not sure if this is a bug in Starlight, Astro, Expressive Code or Shiki.

Seeing the following weird behavior for certain YAML codeblocks. I think something is not properly escaping " >, resulting in code getting leaked.

markdown to replicate:

broken:

```yaml
cmd: echo "foo" && echo "bar" > /tmp/hello.txt
```

working:

```yaml
# comment before causes it to work
cmd: echo "foo" && echo "bar" > /tmp/hello.txt
```

```yaml
- echo "foo" && echo "bar" > /tmp/hello.txt
```

```bash
echo "foo" && echo "bar" > /tmp/hello.txt
```

Link to Minimal Reproducible Example

https://stackblitz.com/edit/github-sdjcwl-k7jz7g?file=src%2Fcontent%2Fdocs%2Findex.mdx

Participation

  • I am willing to submit a pull request for this issue.
@delucis
Member

delucis commented Apr 9, 2024

Thank you for the issue @Noxsios! I’m guessing this might be an issue in https://github.com/expressive-code/expressive-code.

Will see what @hippotastic thinks!

@delucis
Member

delucis commented Apr 9, 2024

Did some debugging and looks like this is actually an Astro regression introduced in astro@4.5.3, most likely by #9820

Will move this over to the Astro repo and in the meantime pinning Astro to 4.5.2 should fix things.

@delucis delucis transferred this issue from withastro/starlight Apr 9, 2024
@github-actions github-actions bot added the needs triage Issue needs to be triaged label Apr 9, 2024
@Princesseuh Princesseuh added - P4: important Violate documented behavior or significantly impacts performance (priority) regression and removed needs triage Issue needs to be triaged labels Apr 9, 2024
@delucis
Member

delucis commented Apr 9, 2024

For context:

  • Expressive Code uses a data-code attribute in its copy button to store the code to copy to the clipboard.
  • In Astro 4.5.2 and lower this was correctly escaped, but in 4.5.3 and higher certain strings are not escaped properly, and end up getting rendered as HTML.
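
An added example, not part of the issue thread and not Astro's or Expressive Code's code: it shows why a `data-code` value has to be attribute-escaped, using the YAML line from the report. All function names are hypothetical, and the unescaped renderer stands in for any output path that skips escaping; it is not a reconstruction of the regression itself.

```javascript
// Constructed sample: the YAML line from the issue's "broken" block.
const SAMPLE = 'cmd: echo "foo" && echo "bar" > /tmp/hello.txt';

// Escape text for a double-quoted HTML attribute value.
// "&" goes first so the entities added afterwards are not escaped again.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Inverse of escapeAttr; "&amp;" is decoded last to avoid double decoding.
function unescapeAttr(value) {
  return value
    .replace(/&quot;/g, '"')
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
}

// Weak form (hypothetical): the value is interpolated without escaping.
const renderButtonUnsafe = (code) => `<button data-code="${code}">Copy</button>`;

// Corrected form: the value is attribute-escaped before interpolation.
const renderButtonSafe = (code) =>
  `<button data-code="${escapeAttr(code)}">Copy</button>`;

// Minimal reader for this one tag shape, following HTML's rule that the
// first '"' ends a double-quoted value and the next '>' ends the tag.
function inspect(html) {
  const start = html.indexOf('data-code="') + 'data-code="'.length;
  const endQuote = html.indexOf('"', start);
  const tagEnd = html.indexOf('>', endQuote);
  return {
    value: unescapeAttr(html.slice(start, endQuote)),
    visibleText: html.slice(tagEnd + 1, html.indexOf('</button>')),
  };
}

// Regression check: the copy payload survives and only the label is visible.
function roundTrips(render, code) {
  const { value, visibleText } = inspect(render(code));
  return value === code && visibleText === 'Copy';
}

console.log(inspect(renderButtonUnsafe(SAMPLE)));
console.log(roundTrips(renderButtonSafe, SAMPLE));
```

With the unescaped renderer the attribute ends at the first `"` and the tag ends at the shell redirect `>`, so the rest of the command becomes page text, which matches the leak described in the report.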

@Noxsios
Author

Noxsios commented Apr 10, 2024

tyvm @delucis and @ematipico !
