If you use my SyntaxHighlighter Evolved WordPress plugin, please update ASAP. There’s a security issue with the Flash file that is used by version 2 of the highlighting library. This file is meant to be used for allowing one-click copying of the code to your clipboard (since normal copy/paste doesn’t work with it) but the file reportedly suffers from a cross-site scripting security issue.
Even if you use the better version 3 of the library (the default for my plugin), the file from version 2 of the library will still be included in the plugin’s files.
As a temporary fix, I have emptied out the file. This unfortunately means your visitors will not easily be able to copy any code you paste. I recommend switching to the superior version 3 via my plugin’s settings page. Code highlighted using the newer version can be selected and copied normally.
Feel free to leave any questions you have about this security issue on this post but please leave other general SyntaxHighlighter comments on the plugin’s homepage. Thanks.
Not everyone was happy with the new highlighting package featured in SyntaxHighlighter v3.0.0 and using old versions of plugins is a bad idea (you miss out on features, bug fixes, etc.) so I’ve added the ability to toggle between v2 and v3 of Alex G’s SyntaxHighlighting package. I’ve also fixed a few bugs that were discovered post-release (such as HTML entities being broken in the Visual editor).
Everyone, including those who downgraded to v2.x of my plugin, should upgrade to v3.1.0 of my plugin.
One thing to note by the way: I would stay far, far away from TinyMCE (the Visual editor/tab) when blogging about code. It has the nasty little habit of attempting to “clean up” your code (namely HTML) for you and in the process with mess up your code. If you’re writing code, what are you doing using a WYSIWYG editor anyway?
- The new version of Alex G.’s script makes it easier to select and copy code. You can just drag your mouse to highlight and you will no longer get line numbers or you can double-click the code to highlight it all (in plain text to avoid getting the colors). Click off of the code to get it to go back to the colorized version.
- You can specify a range of line numbers to highlight. Instead of having to do
highlight="5,6,7,8,9,10,14"you can now just do
- BuddyPress support.
- A few new custom brushes (Clojure and the R language) and a Ukrainian translation.
Upgrade or download it now!
I’ve released a new version of my SyntaxHighlighter Evolved plugin. It’s not a recode of the plugin, however it is a major overhaul of the plugin. It features an update to the highlighting package (with new languages and parameters) and other various things. Here’s the full changelog:
Major overhaul, mainly to extend flexibility so that this plugin could be used on WordPress.com without actual code modification (only actions/filters are used instead to modify it).
- Updated SyntaxHighlighter package to v2.1.364. Highlights of the changelog include:
- ColdFusion brush (aliases:
- Erlang brush (aliases:
- Objective-C brush (aliases:
- Eclipse theme
padlinenumbersparameter. Set it to
falsefor no line number padding,
truefor automatic padding, or an integer (number) for forced padding.
rbalias for Ruby
- Commenters can now use this plugin to post code.
- Plugin’s shortcodes now work inside of the text widget again. Requires WordPress 2.9+ though.
- Overhaul of the TinyMCE plugin that assists in keeping your code sound when switching editor views. Thanks to Andrew Ozz!
- This plugin’s stylesheets are now dynamically loaded. If they aren’t needed, they aren’t loaded.
- Lots of sanitization of shortcode attributes. Invalid keys/values are no longer used.
- Chinese translation thanks to Hinker Liu. Will need updating for v2.3.0.
- New filter to control what shortcodes are registered. Used by WordPress.com to trim down the number of them.
- Saving of user’s settings is now done using
register_setting()instead of manually handing
- By default, a post meta is used to mark posts as being encoded using the 2.x encoding format. This is bad for a site like WordPress.com. You can use the new
syntaxhighlighter_pre_getcodeformatfilter to return
2(based on say
SyntaxHighlighter:get_code_format()for more details. Don’t forget to
remove_action( 'save_post', array(&$SyntaxHighlighter, 'mark_as_encoded'), 10, 2 );to stop the post meta from being added.
syntaxhighlighter_precodefilter to modify raw code before it’s highlighted.
syntaxhighlighter_democodefilter to modify example code on the settings page.
- Major speed improvement thanks to a patch by Jose Prado. SyntaxHighlighter now can render 4-5k lines in just a second or two (tested on a MacBook Pro 2.4GHz).
wrap-linesparameter option to disable line wrapping. See demo. (This can be accessed in my plugin via the “
- Toolbar is now activated on mouse over.
- Added ActionScript3 brush (thanks to Peter Atoria).
- Added JavaFX brush (thank to Patrick Webster).
- Added PowerShell brush (thanks to B.v.Zanten, Getronics)
An update notice should appear in your admin area soon.