code-decorations.js

Client-side syntax highlighter for mixed source files (HTML, PHP, JavaScript, Lua). Produces styled HTML by wrapping recognised constructs in  elements with CSS classes. No dependencies — pure vanilla JS.

Overview

The library exposes three functions that form a two-phase pipeline:

Phase 1 — structural: tag_parsing(html) identifies and wraps HTML/PHP tags.
Phase 2 — source: source_coloring(html) colorizes language constructs.
Orchestrator: text_coloring(viewer, html) runs both phases and injects the result into the DOM.

The key design constraint is that Phase 2 must not corrupt the markup emitted by Phase 1. Both phases solve this with a tokenize → transform → restore pattern: protected regions are replaced with opaque placeholder tokens before any regex passes run, and restored verbatim afterwards.

CSS Classes Reference

Class	Applied to
`tag`	The `<` and `>` angle brackets of an HTML tag
`tag-inside`	Everything between the angle brackets of an HTML tag
`tag-name`	The tag name itself (e.g. `div`, `span`), set in post-processing
`source-coloring`	Base class on all source-level highlights
`source-string`	String literals
`source-comment`	Comments (C-style, Lua)
`source-keyword`	Language keywords (JS + Lua)
`source-underline`	Function names in definitions

Function Reference

`tag_parsing(html: string): string`

Converts raw source text into display-safe HTML, detecting and wrapping HTML tags with styled spans.

Processing order:

Escape bare & → &.
Escape the } sequence that appears literally in {close-tag} sentinel strings.
Tokenize PHP blocks (<? … ?>) — replaces each block with a placeholder so that > inside PHP expressions (e.g. $obj->prop) cannot close an HTML tag prematurely. Each block is stored as entity-escaped text.
Replace all remaining < / > with sentinels {open-tag} / {close-tag}.
Match {open-tag}letter…{close-tag} and wrap as .tag / .tag-inside spans.
Convert any remaining sentinels to < / >.
Restore PHP tokens as their entity-escaped source text.

`text_coloring(text_viewer: Element, html: string): void`

Orchestrates the full highlight pipeline and writes the result into the DOM.

Calls tag_parsing(html).
Calls source_coloring(html).
Sets text_viewer.innerHTML.
Post-processes each .tag-inside span to wrap the leading tag name in a .tag-name span.

`source_coloring(html: string): string`

Colorizes source-code constructs. Receives the output of tag_parsing (which contains real  markup). All passes use tokenization so that earlier-protected regions are immune to later passes.

Pass order:

Protect HTML tags — tokenize existing  /  markup emitted by tag_parsing; restored last.
Protect strings — JS/Lua single-quoted, double-quoted, and template (`…`) literals; stored with source-string wrapping already applied.
Protect comments:
- C-style // single-line (excluding :// in URLs)
- C-style /* … */ multi-line
- Lua --[[ … ]] / --[=[ … ]=] multi-line (all level variants)
- Lua -- single-line (excluding long-comment openings)
Highlight HTTP/HTTPS links.
Highlight function names in definitions (function name().
Highlight braces { } and the escaped form }.
Highlight keywords (JavaScript + Lua, word-boundary matched).
Restore comments → strings → HTML tags in reverse protection order.

Supported keywords:

Language	Keywords
JavaScript	`function var let const if else switch for while break continue return yield null true false`
Lua	`nil and or not repeat until goto local do end if then else elseif while for in`

Changelog (since initial version)

Fix — source_coloring corrupting tag_parsing output
Added HTML tag tokenization as the first pass in source_coloring. Previously, keyword and brace regexes would match characters inside  markup, breaking the generated HTML structure.

Fix — PHP expressions with > breaking tag detection
Replaced the one-liner html.replaceAll("?>", "?>") with a full PHP block tokenization pass in tag_parsing. The old approach only escaped the closing ?> but left inner > (e.g. in $obj->prop or htmlspecialchars($x)) unprotected, causing the tag matcher to misfire on attribute values like <input value="<?= htmlspecialchars($contact->name) ?>">.

Feature — string and comment protection in source_coloring
Added tokenization passes for string literals and comments before keyword/brace/function passes. Previously, keywords or braces appearing inside strings or comments were incorrectly highlighted. Lua multi-line and single-line comment styles added.

Feature — expanded keyword list
Added full Lua keyword set and missing JS keywords (null, true, false, yield). Removed the ops() parenthesis-suffix helper — plain word-boundary (\b) matching is more correct and handles all usage patterns (assignments, returns, etc.).

Docs — JSDoc headers
Added /** … */ JSDoc blocks to all three public functions documenting parameters, return types, and the multi-pass pipeline order. Note: the literal */ sequence inside the source_coloring JSDoc is written as /* … * / (space before /) to avoid prematurely closing the comment block — a self-referential constraint of the format.

Known Limitations

Backtick inline code inside JSDoc comments is matched as a template string by the string-protection pass, so it appears string-colored rather than comment-colored when the file highlights itself.
Regex literals in JS source are not protected — character classes containing ', " or keywords may be incorrectly colored.
PHP-specific constructs ($variable, # comments, PHP-only keywords such as echo, class, foreach) are not yet highlighted.
Nested Lua long comments (--[[ --[[ ]] ]]) are not handled.