Quotes in YAML codeblocks can escape and leak onto the page

[Noxsios]

What version of starlight are you using?

0.21.2

What version of astro are you using?

4.5.12

What package manager are you using?

npm

What operating system are you using?

Linux

What browser are you using?

Brave (Chromium)

Describe the Bug

Note sure if this is a bug in Starlight, Astro, Expressive Code or Shiki.

Seeing the following weird behavior for certain YAML codeblocks. I think something is not properly escaping " >, resulting in code getting leaked.

markdown to replicate:

broken:

```yaml
cmd: echo "foo" && echo "bar" > /tmp/hello.txt
```

working:

```yaml
# comment before causes it to work
cmd: echo "foo" && echo "bar" > /tmp/hello.txt
```

```yaml
- echo "foo" && echo "bar" > /tmp/hello.txt
```

```bash
echo "foo" && echo "bar" > /tmp/hello.txt
```

Link to Minimal Reproducible Example

https://stackblitz.com/edit/github-sdjcwl-k7jz7g?file=src%2Fcontent%2Fdocs%2Findex.mdx

Participation

• I am willing to submit a pull request for this issue.

[delucis]

Thank you for the issue @Noxsios! I’m guessing this might be an issue in https://github.com/expressive-code/expressive-code.

Will see what @hippotastic thinks!

[delucis]

Did some debugging and looks like this is actually an Astro regression introduced in astro@4.5.3, most likely by #9820

Will move this over to the Astro repo and in the meantime pinning Astro to 4.5.2 should fix things.

[delucis]

For context:

• Expressive Code uses a data-code attribute in its copy button to store the code to copy to the clipboard.
• In Astro 4.5.2 and lower this was correctly escaped, but in 4.5.3 and higher certain strings are not escaped properly, and end up getting rendered as HTML.

[Noxsios]

tyvm @delucis and @ematipico !