From 80530012b8d923794ae2c255b72e815733e447cf Mon Sep 17 00:00:00 2001
From: Brady
Date: Tue, 6 Jun 2023 18:43:23 -0230
Subject: [PATCH] Fix hljs class parsing (#1174)
---
 helpers/parse.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/helpers/parse.js b/helpers/parse.js
index c04b4671..185834f8 100644
--- a/helpers/parse.js
+++ b/helpers/parse.js
@@ -50,12 +50,14 @@ export const configuredXss = new xss.FilterXSS({
 }
 // For Highlight.JS
- if (
- name === 'class' &&
- ['pre', 'code', 'span'].includes(tag) &&
- (value.startsWith('hljs-') || value.startsWith('language-'))
- ) {
- return name + '="' + xss.escapeAttrValue(value) + '"'
+ if (name === 'class' && ['pre', 'code', 'span'].includes(tag)) {
+ const allowedClasses = []
+ for (const className of value.split(/\s/g)) {
+ if (className.startsWith('hljs-') || className.startsWith('language-')) {
+ allowedClasses.push(className)
+ }
+ }
+ return name + '="' + xss.escapeAttrValue(allowedClasses.join(' ')) + '"'
 }
 },
 safeAttrValue(tag, name, value, cssFilter) {
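Review bot: When no token passes the prefix check, the new branch still returns `class=""`, so a `pre`/`code`/`span` carrying only disallowed classes keeps an empty attribute instead of falling through to the filter's default handling. Adding `if (allowedClasses.length === 0) return` before the final return would avoid that; the enclosing callback starts outside the hunk, so confirm that an undefined return drops the attribute there. The per-token test is still prefix-only, so anything after `hljs-` or `language-` is accepted. `xss.escapeAttrValue` keeps the value inside the attribute, but matching each token against an explicit character set that covers the language names you support would bound which classes user content can select. A short comment above the loop stating that the class list is user-controlled and filtered token by token would also help the next reader.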