HTML tags are stripped out instead of being escaped
-
I’m using Highlight.js in Prismatic v2.4. When I insert some XML/HTML code using the “Add Highlight.js” button, it inserts only the texts inside tags ( the tags themselves are removed).
How to replicate:
insert a code snippet using the “Add Highlight.js” button. Paste the following snippet in the box:<dependencies> <dependency> <groupId>com.baeldung</groupId> <artifactId>optional-project</artifactId> <version>1.0</version> <optional>true</optional> </dependency> </dependencies>
When the code block is inserted into the page, it strips the tags, and appears as in the screenshot:
http://staging11.baeldung.com/Screenshot%20from%202020-07-24%2017-50-03.pngI’ve tried various options for “Content code escape” setting, with no difference. XML/HTML code can be inserted only if it is already escaped ( “<” and “>” replaced by & lt; and & gt; )
The suggested fix is to edit “prismatic/js/buttons-highlight.js” file on line 101:
instead of
ed.insertContent('<pre><code class="language-'+ code.language +'">'+ code.snippet + '</code></pre>');
use
ed.insertContent('<pre><code class="language-'+ code.language +'">'+ tinymce.DOM.encode(code.snippet) + '</code></pre>');
- The topic ‘HTML tags are stripped out instead of being escaped’ is closed to new replies.