Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Solved
1Password Chrome extension is incorrectly manipulating <code> blocks
The latest 1Password Chrome extension is incorrectly manipulating the DOM within <code> blocks on static pages. It looks it's using prism.js to try to add syntax highlighting to <code> blocks on the ...
Hey everyone! I want to thank everyone who called our attention to this and explain what happened and what we’re doing about it.
What happened: Prism.js is a syntax-highlighting library we use for our Labs Snippets feature. While optimizing our build to reduce bundle size, we unintentionally bundled Prism.js into the extension in a way that caused it to run on pages where it shouldn’t, which interfered with code formatting on certain sites. We apologize for the inconvenience this caused.What we’re doing about it: We’ve completed the fix and submitted it to the Chrome Web Store, along with Firefox, Edge, and our other supported extension storefronts. Rollout timing depends on each store’s review process, but we expect it to land over the next few days.
We want to emphasize that vault security was not impacted. At 1Password, protecting our customers’ privacy, passwords, and credentials is our highest priority.
We’ll be publishing a postmortem covering what went wrong, the timeline, and the concrete changes we’re making to how we build and release future browser extension updates.
I've just spent hours trying to track down this very issue with a new server-side syntax highlighting plugin i'm writing. It was working fine, then a couple of days ago, noticed the behavior where it was highlighting correctly, then quickly rewrites to this monochrome version. I thought some other JS was injecting prism.js, and eventually got desperate enough to disable plugins.. I was shocked to find it was 1password, and not some of the json highlighter plugins i had installed.
Please fix this asap, it's a huge pain, and causing much hassle. I have had to switch 1password to activate on 'click' which is a royal pain, but there's no other way of turning it off apparently.
FYI, tried nightly 1Password release, no dice.. still a problem
