Important Security Update For SyntaxHighlighter Evolved

If you use my popular SyntaxHighlighter Evolved WordPress plugin, please upgrade immediately. Ben Bidner discovered a security issue with the JavaScript highlighting library that my plugin uses. A couple of my Automattic co-workers and I worked with the author of that library to resolve the issue and the latest version of my plugin, 3.1.10, includes the fix.

If you use my SyntaxHighlighter Evolved WordPress plugin, please update ASAP. There’s a security issue with the Flash file that is used by version 2 of the highlighting library. This file is meant to be used for allowing one-click copying of the code to your clipboard (since normal copy/paste doesn’t work with it) but the file reportedly suffers from a cross-site scripting security issue.

Even if you use the better version 3 of the library (the default for my plugin), the file from version 2 of the library will still be included in the plugin’s files.

As a temporary fix, I have emptied out the file. This unfortunately means your visitors will not easily be able to copy any code you paste. I recommend switching to the superior version 3 via my plugin’s settings page. Code highlighted using the newer version can be selected and copied normally.
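One way to confirm the fix on a given install, as an added example that is not code from the plugin or its author: since the vulnerable Flash file is emptied rather than deleted, any `.swf` that still has content under the plugins directory deserves a look. The function names and the directory you pass in are assumptions.

```shell
#!/bin/sh
# Added example: find Flash files that still have content under a directory tree.
# Assumption: you pass the path of your own plugins directory as the argument.

# Print "size<TAB>path" for every .swf file larger than zero bytes.
# An emptied (zero-byte) file, like the temporary fix described above, is skipped.
list_live_swf() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -iname catches .SWF as well; -size +0c means "more than 0 bytes".
    find "$root" -type f -iname '*.swf' -size +0c -exec sh -c '
        for f in "$@"; do
            printf "%s\t%s\n" "$(wc -c < "$f" | tr -d " ")" "$f"
        done' sh {} +
}

# Number of non-empty Flash files, for use in a cron job or deployment check.
count_live_swf() {
    list_live_swf "$1" | wc -l | tr -d ' '
}
```

A count of zero means every Flash file in the tree is either absent or already emptied.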

Feel free to leave any questions you have about this security issue on this post but please leave other general SyntaxHighlighter comments on the plugin’s homepage. Thanks.

SyntaxHighlighter v3.1.0 Released, Features Old Style Script Option

Not everyone was happy with the new highlighting package featured in SyntaxHighlighter v3.0.0 and using old versions of plugins is a bad idea (you miss out on features, bug fixes, etc.) so I’ve added the ability to toggle between v2 and v3 of Alex G’s SyntaxHighlighting package. I’ve also fixed a few bugs that were discovered post-release (such as HTML entities being broken in the Visual editor).

Everyone, including those who downgraded to v2.x of my plugin, should upgrade to v3.1.0 of my plugin.

One thing to note by the way: I would stay far, far away from TinyMCE (the Visual editor/tab) when blogging about code. It has the nasty little habit of attempting to “clean up” your code (namely HTML) for you and in the process will mess up your code. If you’re writing code, what are you doing using a WYSIWYG editor anyway? ;)

SyntaxHighlighter Evolved v3.0.0: What’s New

I finally found some time to work on my SyntaxHighlighter Evolved plugin and upgrade it to use the latest version of Alex Gorbatchev’s highlighter.

What’s New

  • The new version of Alex G.’s script makes it easier to select and copy code. You can just drag your mouse to highlight and you will no longer get line numbers, or you can double-click the code to highlight it all (in plain text to avoid getting the colors). Click off of the code to get it to go back to the colorized version.
  • You can specify a range of line numbers to highlight. Instead of having to do highlight="5,6,7,8,9,10,14" you can now just do highlight="5-10,14".
  • BuddyPress support.
  • A few new custom brushes (Clojure and the R language) and a Ukrainian translation.

Upgrade or download it now! :)