Skip to content

Inject regex and printf format strings into PHP strings#131

Open
roxblnfk wants to merge 1 commit into
zed-extensions:mainfrom
roxblnfk:string-injections
Open

Inject regex and printf format strings into PHP strings#131
roxblnfk wants to merge 1 commit into
zed-extensions:mainfrom
roxblnfk:string-injections

Conversation

@roxblnfk

@roxblnfk roxblnfk commented Jul 5, 2026

Copy link
Copy Markdown

What

Highlight embedded mini-languages inside PHP string arguments via tree-sitter injections.

  • Regular expressions — the pattern argument of the PCRE functions (preg_match, preg_match_all, preg_replace, preg_replace_callback, preg_split, preg_grep) is injected as regex, so character classes, groups, quantifiers and anchors are highlighted. preg_quote is intentionally excluded — its first argument is a literal string to escape, not a pattern.
  • printf-style format strings — the format argument of printf/sprintf/vprintf/vsprintf (first argument) and fprintf/vfprintf/sscanf/fscanf (second argument) is injected as printf. Zed doesn't currently bundle a printf grammar, so this is dormant today (a harmless no-op, same as the java extension's printf injection) and lights up automatically if a compatible grammar is registered.

Heredoc/nowdoc bodies are untouched: Zed already resolves the tag against language names and file extensions case-insensitively (language_for_name_or_extension), so <<<SQL, <<<HTML, <<<JSON, <<<JS, <<<YML, ... already inject without per-language rules.

image

Notes

regex is bundled with Zed, so it highlights out of the box. Injection highlights the source text and does not apply PHP's string-escape unescaping, so a pattern is best written in a single-quoted string with single backslashes ('/\w+/'); a doubled backslash ('/\\w+/') is read by the regex grammar as an escaped backslash, which is correct for the source but not PHP's runtime value.

Highlight embedded mini-languages inside PHP string arguments via tree-sitter
injections:
- the pattern argument of `preg_*` calls as a regular expression;
- the format string of `printf`/`sprintf`/`vprintf`/`vsprintf` (first argument)
  and `fprintf`/`vfprintf`/`sscanf`/`fscanf` (second argument) as printf.

Heredoc/nowdoc bodies already inject by tag: Zed resolves the tag against
language names and file extensions case-insensitively, so `<<<SQL`, `<<<HTML`,
`<<<JSON`, `<<<JS`, ... already work without per-language rules.
@cla-bot cla-bot Bot added the cla-signed label Jul 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant