From 0e8b6fd8501de6bb4b75970f760977690920099e Mon Sep 17 00:00:00 2001 From: edukisto <52005215+edukisto@users.noreply.github.com> Date: Mon, 30 Nov 2020 05:08:52 +0300 Subject: [PATCH 1/2] Do not highlight CSP directive names with adjacent hyphens --- components/prism-csp.js | 3 ++- components/prism-csp.min.js | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/components/prism-csp.js b/components/prism-csp.js index 861f5a0972..c8facbc30f 100644 --- a/components/prism-csp.js +++ b/components/prism-csp.js @@ -11,7 +11,8 @@ Prism.languages.csp = { 'directive': { - pattern: /\b(?:base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests)\b/i, + pattern: /(^|[^-\da-z])(?:base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests)(?=[^-\da-z]|$)/i, + lookbehind: true, alias: 'keyword' }, 'safe': { diff --git a/components/prism-csp.min.js b/components/prism-csp.min.js index b07a47aca1..6da48ba61d 100644 --- a/components/prism-csp.min.js +++ b/components/prism-csp.min.js @@ -1 +1 @@ -Prism.languages.csp={directive:{pattern:/\b(?:base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests)\b/i,alias:"keyword"},safe:{pattern:/'(?:self|none|strict-dynamic|(?:nonce-|sha(?:256|384|512)-)[a-zA-Z\d+=/]+)'/,alias:"selector"},unsafe:{pattern:/(?:'unsafe-inline'|'unsafe-eval'|'unsafe-hashed-attributes'|\*)/,alias:"function"}}; \ No newline at end of file +Prism.languages.csp={directive:{pattern:/(^|[^-\da-z])(?:base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests)(?=[^-\da-z]|$)/i,lookbehind:!0,alias:"keyword"},safe:{pattern:/'(?:self|none|strict-dynamic|(?:nonce-|sha(?:256|384|512)-)[a-zA-Z\d+=/]+)'/,alias:"selector"},unsafe:{pattern:/(?:'unsafe-inline'|'unsafe-eval'|'unsafe-hashed-attributes'|\*)/,alias:"function"}}; \ No newline at end of file From 458d9788ca3d809529d224ea687fd7a70f955239 Mon Sep 17 00:00:00 2001 From: edukisto <52005215+edukisto@users.noreply.github.com> Date: Mon, 30 Nov 2020 21:01:21 +0300 Subject: [PATCH 2/2] Add a test case for CSP directive names with adjacent hyphens --- tests/languages/csp/issue2661.test | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 tests/languages/csp/issue2661.test diff --git a/tests/languages/csp/issue2661.test b/tests/languages/csp/issue2661.test new file mode 100644 index 0000000000..1d25bd01f1 --- /dev/null +++ b/tests/languages/csp/issue2661.test @@ -0,0 +1,11 @@ +default-src-is-a-fake; fake-default-src; + +---------------------------------------------------- + +[ + "default-src-is-a-fake; fake-default-src;" +] + +---------------------------------------------------- + +Checks for directive names with adjacent hyphens.