You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By the historical background, Marp has detected the language for syntax highlight in the code block automatically until now.
```const a = 1```
However, this behavior is a bit confusable because the other services using Markdown have not colored the plain code block. e.g. marp-team/marp-vscode#12 had mentioned to this problem.
In addition, recently we've recieved the potential ReDOS vulnerabilities in GHSA-7wwv-vh3v-89cq (Fix in #201). Using highlightAuto may be vulnerable.
By the historical background, Marp has detected the language for syntax highlight in the code block automatically until now.
However, this behavior is a bit confusable because the other services using Markdown have not colored the plain code block. e.g. marp-team/marp-vscode#12 had mentioned to this problem.
In addition, recently we've recieved the potential ReDOS vulnerabilities in GHSA-7wwv-vh3v-89cq (Fix in #201). Using
highlightAutomay be vulnerable.marp-core/src/marp.ts
Line 98 in daa5060
Thus, we have to consider stopping auto detection of syntax highlight language.
This change will break existed slides, and affected user should specify the language manually. But I think this is a natural behavior as Markdown.
The text was updated successfully, but these errors were encountered: