v0.10.0 release (#1751)

* Remove RC-versioned docs * Release v0.10.0 Bump master to v0.10.1-pre * Fix multiple occuring hash replacement * Update SRI hashes * Update CHANGELOG.md * Fix tags not shown * Update docusaurus * Wrap escaping backslashes with backticks * Update SRI hashes * Update CHANGELOG.md
2025-10-19 17:48:41 +00:00 · 2018-10-29 13:14:24 +09:00
parent 11490b5e0b
commit 49f84f76e7
25 changed files with 125 additions and 105 deletions
--- a/website/versioned_docs/version-0.10.0/security.md
+++ b/website/versioned_docs/version-0.10.0/security.md
@@ -0,0 +1,21 @@
+---
+id: version-0.10.0-security
+title: Security
+original_id: security
+---
+Any HTML generated by KaTeX *should* be safe from `<script>` or other code
+injection attacks.
+
+Of course, it is always a good idea to sanitize the HTML, though you will need
+a rather generous whitelist (including some of SVG and MathML) to support
+all of KaTeX.
+
+Use `maxSize` option for preventing large width/height visual affronts,
+use `maxExpand` for preventing infinite macro loop attacks, and
+use `allowedProtocols` for preventing certain protocols in `\href`. Please
+refer to [Options](options.md) for more details.
+
+The error message thrown by KaTeX may contain unescaped LaTeX source code.
+See [Handling Errors](error.md) for more details.
+
+> If you discovered a security issue, please let us know via https://hackerone.com/khanacademy