Add Building from Source & update Security documentation (#1516)

* Add `Building from Source` documentation

* Update security.md documentation

* Fix grammars

docs/browser.md

@@ -24,6 +24,9 @@ Download the latest version from [here](https://github.com/Khan/KaTeX/releases),
 copy `katex.js`, `katex.css`(or `katex.min.js` and `katex.min.css` to use minified
 versions) and `fonts` from `/katex`, and include like above.
 
+You can also build from source. See [Building from Source](node.md#building-from-source)
+for more details.
+
 ## Bundler
 Use [`Node.js` package managers](node.md) to install KaTeX and require it in your
 project. Then bundle using bundlers like [webpack](https://webpack.js.org/) or

docs/cli.md.template

@@ -14,7 +14,7 @@ npx katex
 > Above uses the `npx` command to run the locally installed executable.
 You can execute with the relative path: `./node_modules/.bin/katex`
 
-> To use CLI from local clone, you need to build the project first by
-running `npm run build`
+> To use CLI from local clone, you need to build the project first.
+See [Building from Source](node.md#building-from-source) for more details.
 
 ## Options

docs/node.md

@@ -19,5 +19,22 @@ yarn add katex
 # or globally
 yarn global add katex
 ```
+
+## Building from Source
+
+To build you will need Git, Node.js 6.9 or later, and npm or Yarn.
+
+Clone a copy of the GitHub source repository:
+```bash
+git clone https://github.com/Khan/KaTeX.git
+cd KaTeX
+```
+
+Then install dependencies and run `build` script:
+```bash
+npm install # or yarn install
+npm run build # or yarn build
+```
 <br>
-> You can manually download the package from [here](https://github.com/Khan/KaTeX/releases)
+> You can manually download the package and source code from
+[GitHub releases](https://github.com/Khan/KaTeX/releases).

docs/security.md

@@ -4,12 +4,17 @@ title: Security
 ---
 Any HTML generated by KaTeX *should* be safe from `<script>` or other code
 injection attacks.
-(See `maxSize` below for preventing large width/height visual affronts,
-see `maxExpand` below for preventing infinite macro loop attacks, and
-see `allowedProtocols` below for preventing certain protocols in `\href`)
 
 Of course, it is always a good idea to sanitize the HTML, though you will need
 a rather generous whitelist (including some of SVG and MathML) to support
 all of KaTeX.
 
+Use `maxSize` option for preventing large width/height visual affronts,
+use `maxExpand` for preventing infinite macro loop attacks, and
+use `allowedProtocols` for preventing certain protocols in `\href`. Please
+refer to [Options](options.md) for more details.
+
+The error message thrown by KaTeX may contain unescaped LaTeX source code.
+See [Handling Errors](error.md) for more details.
+
 > If you discovered a security issue, please let us know via https://hackerone.com/khanacademy