v0.10.0 release (#1751)

* Remove RC-versioned docs * Release v0.10.0 Bump master to v0.10.1-pre * Fix multiple occuring hash replacement * Update SRI hashes * Update CHANGELOG.md * Fix tags not shown * Update docusaurus * Wrap escaping backslashes with backticks * Update SRI hashes * Update CHANGELOG.md
2025-10-13 06:58:40 +00:00 · 2018-10-29 13:14:24 +09:00
parent 11490b5e0b
commit 49f84f76e7
25 changed files with 125 additions and 105 deletions
--- a/website/versioned_docs/version-0.10.0/error.md
+++ b/website/versioned_docs/version-0.10.0/error.md
@@ -0,0 +1,36 @@
+---
+id: version-0.10.0-error
+title: Handling Errors
+original_id: error
+---
+If KaTeX encounters an error (invalid or unsupported LaTeX) and `throwOnError`
+hasn't been set to `false`, then `katex.render` and `katex.renderToString`
+will throw an exception of type `katex.ParseError`.
+The message in this error includes some of the LaTeX source code,
+so needs to be escaped if you want to render it to HTML.  For example:
+
+```js
+try {
+    var html = katex.renderToString(texString);
+    // '<span class="katex">...</span>'
+} catch (e) {
+    if (e instanceof katex.ParseError) {
+        // KaTeX can't parse the expression
+        html = ("Error in LaTeX '" + texString + "': " + e.message)
+            .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    } else {
+        throw e;  // other error
+    }
+}
+```
+
+In particular, you should convert `&`, `<`, `>` characters to
+`&amp;`, `&lt;`, `&gt;` before including either LaTeX source code or
+exception messages in your HTML/DOM.
+(This can also be done using `_.escape`.)
+Failure to escape in this way makes a `<script>` injection attack possible
+if your LaTeX source is untrusted.
+
+Alternatively, you can set `throwOnError` to `false` to use built-in behavior
+of rendering the LaTeX source code with hover text stating the error.
+See [rendering options](options.md).