Merge pull request #2642 from jekyll/pygments-opts-sanitize

lib/jekyll/tags/highlight.rb

@@ -44,9 +44,11 @@ eos
         suffix = context["highlighter_suffix"] || ""
         code = super.to_s.strip
 
+        is_safe = !!context.registers[:site].safe
+
         output = case context.registers[:site].highlighter
         when 'pygments'
-          render_pygments(code)
+          render_pygments(code, is_safe)
         when 'rouge'
           render_rouge(code)
         else
@@ -57,11 +59,30 @@ eos
         prefix + rendered_output + suffix
       end
 
-      def render_pygments(code)
+      def sanitized_opts(opts, is_safe)
+        if is_safe
+          Hash[[
+            [:startinline, opts.fetch(:startinline, nil)],
+            [:hl_linenos,  opts.fetch(:hl_linenos, nil)],
+            [:linenos,     opts.fetch(:linenos, nil)],
+            [:encoding,    opts.fetch(:encoding, 'utf-8')],
+            [:cssclass,    opts.fetch(:cssclass, nil)]
+          ].reject {|f| f.last.nil? }]
+        else
+          opts
+        end
+      end
+
+      def render_pygments(code, is_safe)
         require 'pygments'
+
         @options[:encoding] = 'utf-8'
 
-        highlighted_code = Pygments.highlight(code, :lexer => @lang, :options => @options)
+        highlighted_code = Pygments.highlight(
+          code,
+          :lexer   => @lang,
+          :options => sanitized_opts(@options, is_safe)
+        )
 
         if highlighted_code.nil?
           Jekyll.logger.error "There was an error highlighting your code:"

site/docs/assets.md

@@ -21,9 +21,9 @@ or `.coffee`) and start the file with two lines of triple dashes, like this:
 
 Jekyll treats these files the same as a regular page, in that the output file
 will be placed in the same directory that it came from. For instance, if you
-have a file named `/css/styles.scss` in your site's source folder, Jekyll
+have a file named `css/styles.scss` in your site's source folder, Jekyll
 will process it and put it in your site's destination folder under
-`/css/styles.css`.
+`css/styles.css`.
 
 ## Sass/SCSS
 
@@ -38,7 +38,21 @@ sass:
     sass_dir: _sass
 {% endhighlight %}
 
-The Sass converter will default to `_sass`.
+The Sass converter will default the `sass_dir` configuration option to
+`_sass`.
+
+<div class="note info">
+  <h5>The <code>sass_dir</code> is only used by Sass</h5>
+  <p>
+
+    Note that the `sass_dir` becomes the load path for Sass imports,
+    nothing more. This means that Jekyll does not know about these files
+    directly, so any files here should not contain the YAML front matter as
+    described above nor will they be transformed as described above. This
+    folder should only contain imports.
+
+  </p>
+</div>
 
 You may also specify the output style with the `style` option in your
 `_config.yml` file:

test/test_tags.rb

@@ -87,6 +87,37 @@ CONTENT
     end
   end
 
+  context "in safe mode" do
+    setup do
+      @tag = Jekyll::Tags::HighlightBlock.new('highlight', 'text ', ["test", "{% endhighlight %}", "\n"])
+    end
+
+    should "allow linenos" do
+      sanitized = @tag.sanitized_opts({:linenos => true}, true)
+      assert_equal true, sanitized[:linenos]
+    end
+
+    should "allow hl_linenos" do
+      sanitized = @tag.sanitized_opts({:hl_linenos => %w[1 2 3 4]}, true)
+      assert_equal %w[1 2 3 4], sanitized[:hl_linenos]
+    end
+
+    should "allow cssclass" do
+      sanitized = @tag.sanitized_opts({:cssclass => "ahoy"}, true)
+      assert_equal "ahoy", sanitized[:cssclass]
+    end
+
+    should "allow startinline" do
+      sanitized = @tag.sanitized_opts({:startinline => true}, true)
+      assert_equal true, sanitized[:startinline]
+    end
+
+    should "strip unknown options" do
+      sanitized = @tag.sanitized_opts({:light => true}, true)
+      assert_nil sanitized[:light]
+    end
+  end
+
   context "post content has highlight tag" do
     setup do
       fill_post("test")