Don't use inline CSS for HTML output #121
Comments
|
Syntect already has a helper for doing this: https://docs.rs/syntect/1.8.0/syntect/html/fn.tokens_to_classed_html.html The trick is it puts all tokens of the scope in the class, which is a bit more bloated than equivalent code from say, Pygments. It does allow you to take advantage of the richer information Sublime provides though. I'm unlikely to implement this feature myself, but I think the way to go would be to come up with a scope selector set that corresponds to the standard Pygments classes, and then use those to output HTML with classes. That way people can use Pygments themes. |
|
Hmmm my main goal is not really to preserve the entire information... I think I'll do my own html output module with CSS support. Afaik the public API should allow for that. |
|
@est31 if your HTML module ends up doing something generally useful like outputting classed HTML with the Pygments classes, I would appreciate if you contribute it upstream, although of course you don't have to. |
Inline CSS can be used inside XSS attacks. That's why it is generally a good thing to disable inline CSS via the CSP header.
However, this library outputs HTML that uses inline CSS. Instead I'd love to see a mode (maybe even change of the default?) where the HTML output uses
class="..."instead ofstyle="...", with a separate function that returns appropriate CSS code for a givenThemeinstance. You could then still have inline CSS via<style></style>tags, but you'd have a choice. Also, it might not be relevant as those strings would show up in huffman trees pretty quickly (so any gzip like transfer compression would make the effects irrelevant), butstyle="color:#96b5b4;"takes up more space thanclass="highlight". Bonus points that switching themes would now only mean switching of css files!The text was updated successfully, but these errors were encountered: