Merge pull request #117 from Automattic/master

Merging changes from version 3.5.1

Author: donnchawp

readme.txt

@@ -1,10 +1,10 @@
 === SyntaxHighlighter Evolved ===
-Contributors: Viper007Bond, automattic
-Donate link: http://www.viper007bond.com/wordpress-plugins/syntaxhighlighter/donate/
+Contributors: Viper007Bond, automattic, donncha
+Donate link: https://alex.blog/2019/03/13/in-memory-of-alex-donation-link-update/
 Tags: code, sourcecode, block, php, xhtml, html, css, WordPress.com
 Requires at least: 4.2.3
-Tested up to: 5.0
-Stable tag: trunk
+Tested up to: 5.2.3
+Stable tag: 3.5.1
 
 Easily post syntax-highlighted code to your site without having to modify the code at all. As seen on WordPress.com.
 
@@ -14,10 +14,13 @@ Easily post syntax-highlighted code to your site without having to modify the co
 
 SyntaxHighlighter Evolved allows you to easily post syntax-highlighted code to your site without losing its formatting or making any manual changes. It uses the [SyntaxHighlighter JavaScript package by Alex Gorbatchev](http://alexgorbatchev.com/wiki/SyntaxHighlighter).
 
-For a live demo, see [this plugin's homepage](http://www.viper007bond.com/wordpress-plugins/syntaxhighlighter/).
+For a live demo, see [this plugin's homepage](https://alex.blog/wordpress-plugins/syntaxhighlighter/).
 
 For a list of supported languages (most widely used languages are supported), see the [WordPress.com support document](http://en.support.wordpress.com/code/posting-source-code/).
 
+Development of this plugin is [on GitHub](https://github.com/Automattic/syntaxhighlighter).
+Translation of the plugin into different languages is on the [translation page](https://translate.wordpress.org/projects/wp-plugins/syntaxhighlighter).
+
 *[As seen on WordPress.com.](http://en.blog.wordpress.com/2009/12/02/better-source-code-posting/)*
 
 == Frequently Asked Questions ==
@@ -37,6 +40,12 @@ Try excluding this plugin's Javascript from any performance optimizations your s
 
 == ChangeLog ==
 
+= Version 3.5.1 =
+
+* Fix stored XSS by tightening up the autolinking code so it only does http/https text. #1
+* Add more CSS keywords and values. #6
+* Fork GH repository: https://github.com/Automattic/syntaxhighlighter/
+
 = Version 3.5.0 =
 
 * Block: Add a bunch of display settings.
@@ -273,3 +282,6 @@ Localizations:
 = Version 1.0.0 =
 
 * Initial release!
+
+= Upgrade Notice =
+Security fix for stored XSS in comments.

syntaxhighlighter.php

@@ -4,7 +4,7 @@
 
 Plugin Name:  SyntaxHighlighter Evolved
 Plugin URI:   https://alex.blog/wordpress-plugins/syntaxhighlighter/
-Version:      3.5.0
+Version:      3.5.1
 Description:  Easily post syntax-highlighted code to your site without having to modify the code at all. Uses Alex Gorbatchev's <a href="http://alexgorbatchev.com/SyntaxHighlighter/">SyntaxHighlighter</a>. Includes a new editor block.
 Author:       Alex Mills (Viper007Bond)
 Author URI:   https://alex.blog/

syntaxhighlighter3/scripts/shBrushCpp.js

@@ -39,7 +39,7 @@
 						'PUSHORT PVOID PWCHAR PWORD PWSTR SC_HANDLE SC_LOCK SERVICE_STATUS_HANDLE SHORT ' +
 						'SIZE_T SSIZE_T TBYTE TCHAR UCHAR UHALF_PTR UINT UINT_PTR UINT32 UINT64 ULONG ' +
 						'ULONGLONG ULONG_PTR ULONG32 ULONG64 USHORT USN VOID WCHAR WORD WPARAM WPARAM WPARAM ' +
-						'char char16_t char32_t bool short int __int32 __int64 __int8 __int16 long float double __wchar_t ' +
+						'char char8_t char16_t char32_t bool short int __int32 __int64 __int8 __int16 long float double __wchar_t ' +
 						'clock_t _complex _dev_t _diskfree_t div_t ldiv_t _exception _EXCEPTION_POINTERS ' +
 						'FILE _finddata_t _finddatai64_t _wfinddata_t _wfinddatai64_t __finddata64_t ' +
 						'__wfinddata64_t _FPIEEE_RECORD fpos_t _HEAPINFO _HFILE lconv intptr_t ' +
@@ -49,14 +49,14 @@
 						'va_list wchar_t wctrans_t wctype_t wint_t signed';
 
 		var keywords =	'alignas alignof auto break case catch class const constexpr decltype __finally __exception __try ' +
-						'const_cast continue private public protected __declspec ' +
+						'const_cast consteval concept continue private public protected __declspec ' +
 						'default delete deprecated dllexport dllimport do dynamic_cast ' +
-						'else enum explicit extern if for friend goto inline ' +
+						'else enum explicit extern if for friend final goto inline ' +
 						'mutable naked namespace new noinline noreturn nothrow noexcept nullptr ' +
-						'ref register reinterpret_cast return selectany ' +
+						'override ref register reinterpret_cast requires return selectany ' +
 						'sizeof static static_cast static_assert struct switch template this ' +
 						'thread thread_local throw true false try typedef typeid typename union ' +
-						'using uuid virtual void volatile whcar_t while';
+						'using uuid virtual void volatile whcar_t while xor xor_eq ';
 
 		var functions =	'assert isalnum isalpha iscntrl isdigit isgraph islower isprint' +
 						'ispunct isspace isupper isxdigit tolower toupper errno localeconv ' +
@@ -78,6 +78,8 @@
 		this.regexList = [
 			{ regex: SyntaxHighlighter.regexLib.singleLineCComments,	css: 'comments' },			// one line comments
 			{ regex: SyntaxHighlighter.regexLib.multiLineCComments,		css: 'comments' },			// multiline comments
+            { regex: /(R|L|U|u|u8)?"([^\\"\n]|\\.)*"/g,                 css: 'string' },			// special character
+            { regex: /(R|L|U|u|u8)?'([^\\'\n]|\\.)*'/g,                 css: 'string' },			// special string
 			{ regex: SyntaxHighlighter.regexLib.doubleQuotedString,		css: 'string' },			// strings
 			{ regex: SyntaxHighlighter.regexLib.singleQuotedString,		css: 'string' },			// strings
 			{ regex: /^ *#.*/gm,										css: 'preprocessor' },

syntaxhighlighter3/scripts/shBrushCss.js

@@ -31,35 +31,59 @@
 			return '\\b' + str.replace(/ /g, '(?!-)(?!:)\\b|\\b()') + '\:\\b';
 		};
 
-		var keywords =	'ascent azimuth background-attachment background-color background-image background-position ' +
-						'background-repeat background baseline bbox border-collapse border-color border-spacing border-style border-top ' +
-						'border-right border-bottom border-left border-top-color border-right-color border-bottom-color border-left-color ' +
-						'border-top-style border-right-style border-bottom-style border-left-style border-top-width border-right-width ' +
-						'border-bottom-width border-left-width border-width border bottom cap-height caption-side centerline clear clip color ' +
-						'content counter-increment counter-reset cue-after cue-before cue cursor definition-src descent direction display ' +
-						'elevation empty-cells float font-size-adjust font-family font-size font-stretch font-style font-variant font-weight font ' +
-						'height left letter-spacing line-height list-style-image list-style-position list-style-type list-style margin-top ' +
-						'margin-right margin-bottom margin-left margin marker-offset marks mathline max-height max-width min-height min-width orphans ' +
-						'outline-color outline-style outline-width outline overflow padding-top padding-right padding-bottom padding-left padding page ' +
-						'page-break-after page-break-before page-break-inside pause pause-after pause-before pitch pitch-range play-during position ' +
-						'quotes right richness size slope src speak-header speak-numeral speak-punctuation speak speech-rate stemh stemv stress ' +
-						'table-layout text-align top text-decoration text-indent text-shadow text-transform unicode-bidi unicode-range units-per-em ' +
-						'vertical-align visibility voice-family volume white-space widows width widths word-spacing x-height z-index';
+		var keywords =	'align-content align-items align-self alignement-adjust all anchor-point animation animation-delay animation-direction ' + 
+						'animation-duration animation-fill-mode animation-iteration-count animation-name animation-play-state animation-timing-function ' +
+						'appearance azimuth backface-visibility background background-attachment background-clip background-color background-image ' +
+						'background-origin background-position background-repeat background-size baseline-shift binding bleed bookmark-label bookmark-level ' +
+						'bookmark-state bookmark-target border border-bottom border-bottom-color border-bottom-left-radius border-bottom-right-radius ' +
+						'border-bottom-style border-bottom-width border-collapse border-color border-image border-image-outset border-image-repeat ' +
+						'border-image-slice border-image-source border-image-width border-left border-left-color border-left-style border-left-width ' +
+						'border-radius border-right border-right-color border-right-style border-right-width border-spacing border-style border-top ' +
+						'border-top-color border-top-left-radius border-top-right-radius border-top-style border-top-width border-width bottom ' +
+						'box-decoration-break box-shadow box-sizing break-after break-before break-inside caption-side chains clear clip clip-path ' +
+						'clip-rule color color-interpolation-filters color-profile column-count column-fill column-gap column-rule column-rule-color ' +
+						'column-rule-style column-rule-width column-span column-width columns contain content counter-increment counter-reset crop ' +
+						'cue cue-after cue-before cursor direction display dominant-baseline drop-initial-after-adjust drop-initial-after-align ' +
+						'drop-initial-before-adjust drop-initial-before-align drop-initial-size drop-initial-value elevation empty-cells filter flex ' +
+						'flex-basis flex-direction flex-flow flex-grow flex-shrink flex-wrap float float-offset flood-color flood-opacity font ' +
+						'font-family font-feature-settings font-kerning font-language-override font-size font-size-adjust font-stretch font-style ' +
+						'font-synthesis font-variant font-variant-alternates font-variant-caps font-variant-east-asian font-variant-ligatures ' +
+						'font-variant-numeric font-variant-position font-weight grid grid-area grid-auto-columns grid-auto-flow grid-auto-position ' +
+						'grid-auto-rows grid-column grid-column-end grid-column-start grid-row grid-row-end grid-row-start grid-template grid-template-areas ' +
+						'grid-template-columns grid-template-rows hanging-punctuation height hyphens icon image-orientation image-resolution ' +
+						'ime-mode inline-box-align justify-content left letter-spacing lighting-color line-break line-height line-stacking line-stacking-ruby ' +
+						'line-stacking-shift line-stacking-strategy list-style list-style-image list-style-position list-style-type margin margin-bottom ' +
+						'margin-left margin-right margin-top marker-offset marks mask mask-box-image mask-box-image-outset mask-box-image-repeat ' +
+						'mask-box-image-slice mask-box-image-source mask-box-image-width mask-clip mask-image mask-origin mask-position mask-repeat ' +
+						'mask-size mask-source-type mask-type max-height max-lines max-width min-height min-width move-to nav-down nav-index nav-left ' +
+						'nav-right nav-up object-fit object-position opacity order orphans outline outline-color outline-offset outline-style outline-width ' +
+						'overflow overflow-wrap overflow-x overflow-y padding padding-bottom padding-left padding-right padding-top page page-break-after ' +
+						'page-break-before page-break-inside page-policy pause pause-after pause-before perspective perspective-origin pitch pitch-range ' +
+						'play-during position presentation-level punctuation-trim quotes rendering-intent resize rest rest-after rest-before richness ' +
+						'right rotation rotation-point ruby-align ruby-overhang ruby-position ruby-span size speak speak-as speak-header speak-numeral ' +
+						'speak-punctuation speech-rate stress string-set tab-size table-layout target target-name target-new target-position text-align ' +
+						'text-align-last text-combine-horizontal text-decoration text-decoration-color text-decoration-line text-decoration-skip ' +
+						'text-decoration-style text-emphasis text-emphasis-color text-emphasis-position text-emphasis-style text-height text-indent ' +
+						'text-justify text-orientation text-outline text-overflow text-shadow text-space-collapse text-transform text-underline-position ' +
+						'text-wrap top transform transform-origin transform-style transition transition-delay transition-durations transition-property ' +
+						'transition-timing-function unicode-bidi vertical-align visibility voice-balance voice-duration voice-family voice-pitch ' +
+						'voice-range voice-rate voice-stress voice-volume volume white-space widows width word-break word-spacing word-wrap ' +
+						'writing-mode z-index';
 
 		var values =	'above absolute all always aqua armenian attr aural auto avoid baseline behind below bidi-override black blink block blue bold bolder '+
-						'both bottom braille capitalize caption center center-left center-right circle close-quote code collapse compact condensed '+
-						'continuous counter counters crop cross crosshair cursive dashed decimal decimal-leading-zero default digits disc dotted double '+
-						'embed embossed e-resize expanded extra-condensed extra-expanded fantasy far-left far-right fast faster fixed format fuchsia '+
-						'gray green groove handheld hebrew help hidden hide high higher icon inline-table inline inset inside invert italic '+
-						'justify landscape large larger left-side left leftwards level lighter lime line-through list-item local loud lower-alpha '+
+						'border-box both bottom braille capitalize caption center center-left center-right circle close-quote code collapse compact condensed '+
+						'continuous content-box counter counters cover crop cross crosshair cursive dashed decimal decimal-leading-zero default digits disc dotted double '+
+						'embed embossed e-resize expanded extra-condensed extra-expanded fantasy far-left far-right fast faster fixed flex format fuchsia '+
+						'gray green groove handheld hebrew help hidden hide high higher icon infinite inherit inline-block inline-table inline inset inside invert italic '+
+						'justify landscape large larger left-side left leftwards level lighter lime linear linear-gradient line-through list-item local loud lower-alpha '+
 						'lowercase lower-greek lower-latin lower-roman lower low ltr marker maroon medium message-box middle mix move narrower '+
 						'navy ne-resize no-close-quote none no-open-quote no-repeat normal nowrap n-resize nw-resize oblique olive once open-quote outset '+
-						'outside overline pointer portrait pre print projection purple red relative repeat repeat-x repeat-y rgb ridge right right-side '+
-						'rightwards rtl run-in screen scroll semi-condensed semi-expanded separate se-resize show silent silver slower slow '+
-						'small small-caps small-caption smaller soft solid speech spell-out square s-resize static status-bar sub super sw-resize '+
-						'table-caption table-cell table-column table-column-group table-footer-group table-header-group table-row table-row-group teal '+
-						'text-bottom text-top thick thin top transparent tty tv ultra-condensed ultra-expanded underline upper-alpha uppercase upper-latin '+
-						'upper-roman url visible wait white wider w-resize x-fast x-high x-large x-loud x-low x-slow x-small x-soft xx-large xx-small yellow';
+						'outside overline pointer portrait pre print projection purple red relative repeat repeat-x repeat-y rgb rgba ridge right right-side '+
+						'rightwards rotate row rtl run-in scale screen scroll semi-condensed semi-expanded separate se-resize show silent silver skewX skewY slower slow '+
+						'small small-caps small-caption smaller space-around soft solid speech spell-out square s-resize static status-bar sub super sw-resize '+
+						'table table-caption table-cell table-column table-column-group table-footer-group table-header-group table-row table-row-group teal '+
+						'text-bottom text-top thick thin top translate translateX translateY transparent tty tv ultra-condensed ultra-expanded underline upper-alpha uppercase upper-latin '+
+						'upper-roman url visible wait webkit-box white wider wrap w-resize x-fast x-high x-large x-loud x-low x-slow x-small x-soft xx-large xx-small yellow';
 
 		var fonts =		'[mM]onospace [tT]ahoma [vV]erdana [aA]rial [hH]elvetica [sS]ans-serif [sS]erif [cC]ourier mono sans serif';
 

syntaxhighlighter3/scripts/shBrushPython.js

@@ -23,7 +23,7 @@
 	{
 		// Contributed by Gheorghe Milas and Ahmad Sherif
 
-		var keywords =  'and assert break class continue def del elif else ' +
+		var keywords =  'and assert async await break class continue def del elif else ' +
 						'except exec finally for from global if import in is ' +
 						'lambda not or pass raise return try yield while';