feat: Add codeblock highlight support in ChatInterface

[ZhenhongDu]

This pull request leverages the react-syntax-highlighter library and the Prism.js syntax parser to implement multi-language code syntax highlighting in the chat interface.

Summary by CodeRabbit

• New Features

  • Code blocks now render with syntax highlighting for improved readability.
  • Language type is auto-detected and shown as a badge on code blocks when available.
  • Copy-to-clipboard button added to code blocks with visual confirmation after copying.

• Chores

  • Added a syntax-highlighting library dependency to support the new rendering.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Replaces manual

 rendering in ChatInterface with a Prism-based react-syntax-highlighter; extracts language from className (defaults to text), shows a language badge, and adds a copy-to-clipboard button with Clipboard API + execCommand fallback.

Changes



Cohort / File(s)
Summary




Dependency 
 package.json
Added react-syntax-highlighter ^15.6.1.


Chat UI / Code rendering 
 src/components/ChatInterface.jsx
Replaced manual <pre><code> rendering with Prism SyntaxHighlighter + oneDark style; runtime language extraction from className (defaults to text); language badge; copy-to-clipboard button with visual feedback and Clipboard API fallback; adjusted code-block styling.



Sequence Diagram(s)
sequenceDiagram
    participant User
    participant ChatUI as ChatInterface (React)
    participant Highlighter as react-syntax-highlighter
    participant ClipboardAPI as navigator.clipboard
    participant Fallback as document.execCommand

    rect rgba(66,133,244,0.06)
    Note right of ChatUI: Render incoming message\ndetect code block and language
    ChatUI->>Highlighter: Render code block (language detected/default 'text')
    Highlighter-->>ChatUI: Rendered code block with badge + copy button
    end

    User->>ChatUI: Clicks "Copy" button
    ChatUI->>ClipboardAPI: writeText(code)
    alt Clipboard API available
        ClipboardAPI-->>ChatUI: success
        ChatUI-->>User: show "Copied" feedback
    else Clipboard API unavailable/fails
        ChatUI->>Fallback: execCommand('copy')
        alt Fallback success
            Fallback-->>ChatUI: success
            ChatUI-->>User: show "Copied" feedback
        else
            Fallback-->>ChatUI: failure
            ChatUI-->>User: show "Copy failed" feedback
        end
    end

Estimated code review effort
🎯 3 (Moderate) | ⏱️ ~25 minutes
Possibly related PRs

siteboon/claudecodeui#215: Also modifies src/components/ChatInterface.jsx to change code block rendering and add a copy button — overlaps on UI/UX for code blocks.

Poem

🐰 I hopped through lines of colored light,

I found the languages tucked in sight,

A tiny badge to show each tongue,

A button clicked — the bytes are flung.

Hop, paste, repeat — the code is fun!



Pre-merge checks and finishing touches

✅ Passed checks (3 passed)



Check name
Status
Explanation




Description Check
✅ Passed
Check skipped - CodeRabbit’s high-level summary is enabled.


Title check
✅ Passed
The title accurately summarizes the main change: adding code block syntax highlighting support to the ChatInterface component.


Docstring Coverage
✅ Passed
No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.







✨ Finishing touches

  📝 Generate docstrings





📜 Recent review details
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro

📥 Commits
Reviewing files that changed from the base of the PR and between 81c0773358e085b9d9fd6d665555c1d826d09eed and ee3917b3f99963382caddadea8e86181e3a29020.


⛔ Files ignored due to path filters (1)

package-lock.json is excluded by !**/package-lock.json



📒 Files selected for processing (2)

package.json
src/components/ChatInterface.jsx



🚧 Files skipped from review as they are similar to previous changes (1)

src/components/ChatInterface.jsx





Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

X
Mastodon
Reddit
LinkedIn


Comment @coderabbitai help to get the list of available commands and usage tips.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

src/components/ChatInterface.jsx (1)

337-353: Consider validating language support and documenting performance characteristics.

The SyntaxHighlighter implementation looks good, but consider these optional improvements:

1. Language validation: Currently, if an unsupported language is passed, Prism falls back to plain text rendering without indication. Consider validating against Prism's supported languages or documenting this behavior.

2. Performance consideration: SyntaxHighlighter can be expensive for large code blocks (>1000 lines). Consider adding a size threshold beyond which syntax highlighting is disabled or using react-syntax-highlighter's light build with only essential languages.

Example language validation:

// Add after line 264
const SUPPORTED_LANGUAGES = ['javascript', 'typescript', 'python', 'java', 'cpp', 'c', 'csharp', 'go', 'rust', 'ruby', 'php', 'swift', 'kotlin', 'scala', 'bash', 'shell', 'sql', 'html', 'css', 'json', 'yaml', 'xml', 'markdown', 'text'];
const language = match && SUPPORTED_LANGUAGES.includes(match[1]) ? match[1] : 'text';

Or for performance optimization:

// Add before SyntaxHighlighter
const lineCount = raw.split('\n').length;
const shouldHighlight = lineCount < 500; // Threshold for syntax highlighting

// Then conditionally render
{shouldHighlight ? (
  <SyntaxHighlighter {...props}>
    {raw}
  </SyntaxHighlighter>
) : (
  <pre className="...">
    <code>{raw}</code>
  </pre>
)}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3a72a26 and 89c9aec.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• package.json (1 hunks)
• src/components/ChatInterface.jsx (5 hunks)

🔇 Additional comments (3)

src/components/ChatInterface.jsx (3)

24-25: LGTM!

The imports are correct for Prism-based syntax highlighting with the oneDark theme. Using the ESM path ensures better tree-shaking.

---

267-298: LGTM!

The copy functionality is well-implemented with proper fallback for browsers that don't support the Clipboard API. The error handling is appropriate for this use case.

---

303-334: LGTM!

The language badge and copy button UI are well-designed with proper accessibility attributes and visual feedback for user interactions.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check npm registry for react-syntax-highlighter details
curl -s https://registry.npmjs.org/react-syntax-highlighter | jq '.dist-tags.latest, .time | keys[-5:]' 2>/dev/null || echo "npm registry check may be limited in sandbox"

Repository: siteboon/claudecodeui

Length of output: 109

---

🌐 Web query:

react-syntax-highlighter npm security vulnerabilities latest version

💡 Result:

Short answer

• Latest react-syntax-highlighter on npm: 16.1.0 (current latest). No direct vulnerabilities reported for that package version, but it can inherit vulnerabilities from bundled dependencies (notably prismjs / highlight.js in older versions). [1][2]

Details & evidence

• Snyk shows latest version 16.1.0 and lists "No known security issues" for the package itself. [1]
• Projects depending on older react-syntax-highlighter releases have been flagged for transitive vulnerabilities (e.g., prismjs CVE-2024-53382 and other older CVEs introduced via refractor/ prsimjs or highlight.js). Example GitHub issue calling out prismjs / CVE-2024-53382 because of older refractor/prismjs versions pulled via react-syntax-highlighter. [2][3]
• Vulnerability trackers list related CVEs affecting prismjs/highlight.js that affected older react-syntax-highlighter dependency chains (see CVE entries). [4]

Recommended action

• Upgrade to the latest react-syntax-highlighter (16.1.0) and rebuild/lock deps. [1]
• Run an npm audit / Snyk/OSS-scan in your project to detect any transitive issues (and update prismjs/refractor/highlight.js if your lockfile pins older versions). [1][3]

Sources

1. Snyk package page — react-syntax-highlighter (latest info). [link].
2. GitHub issue calling out prismjs CVE (example: swagger-ui issue referencing react-syntax-highlighter → refractor → prismjs). [link].
3. Snyk/scan examples showing transitive CVEs introduced via refractor/prismjs/highlight.js and remediation notes. [link].
4. ReversingLabs / vulnerability listing referencing CVE-2024-53382 and CVE-2025-27789 in dependency chains. [link].

If you want, I can: (A) check your project's package-lock/yarn.lock for vulnerable transitive versions and give exact remediation steps, or (B) fetch the raw npm/registry pages for react-syntax-highlighter@16.1.0 and its dependency tree. Which would you prefer?

---

Upgrade react-syntax-highlighter to the latest version (16.1.0).

The pinned version ^15.6.1 is outdated; the latest version is 16.1.0. While react-syntax-highlighter itself has no direct known vulnerabilities, older versions can pull in vulnerable transitive dependencies (prismjs, refractor, highlight.js), including CVE-2024-53382 and CVE-2025-27789. Upgrading to 16.1.0 and running npm audit will ensure you have the latest security patches in the dependency tree.

🤖 Prompt for AI Agents

In package.json around line 83, the dependency "react-syntax-highlighter":
"^15.6.1" is outdated and may pull in vulnerable transitive deps; update the
dependency to "react-syntax-highlighter": "16.1.0" in package.json, then run npm
install (or yarn install) and npm audit (and fix/audit --fix as needed) to
update the lockfile and verify no remaining vulnerabilities; ensure any code
imports remain compatible with v16 and run tests to confirm no breaking changes.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Consider supporting hyphenated language identifiers.

The regex /language-(\w+)/ only matches word characters, which will miss languages with hyphens like objective-c, visual-basic, c-sharp, etc. If these languages are used in the codebase, they won't be highlighted correctly.

Apply this diff to support hyphenated languages:

-    const match = /language-(\w+)/.exec(className || '');
+    const match = /language-([\w-]+)/.exec(className || '');
     const language = match ? match[1] : 'text';

This will match language identifiers containing hyphens while still being safe ([\w-]+ matches word characters and hyphens).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Extract language from className (format: language-xxx)
	const match = /language-(\w+)/.exec(className || '');
	const language = match ? match[1] : 'text';
	// Extract language from className (format: language-xxx)
	const match = /language-([\w-]+)/.exec(className || '');
	const language = match ? match[1] : 'text';

🤖 Prompt for AI Agents

In src/components/ChatInterface.jsx around lines 262 to 264, the regex
/language-(\w+)/ only captures word characters and misses hyphenated language
identifiers (e.g. objective-c, c-sharp); update the pattern to allow hyphens
(use /language-([\w-]+)/) so the match captures identifiers with hyphens, keep
the existing fallback to 'text' when no match is found.