Add note re: HTML to security documentation page (#2296)

* Add note re: HTML to security documentation page * Update docs/security.md Co-authored-by: ylemkimon <y@ylem.kim> Co-authored-by: ylemkimon <y@ylem.kim> Co-authored-by: Erik Demaine <edemaine@mit.edu>
2025-10-05 19:28:39 +00:00 · 2020-07-11 11:04:27 -07:00
parent b027dca926
commit 754c601e34
1 changed files with 1 additions and 1 deletions
--- a/docs/security.md
+++ b/docs/security.md
@@ -13,7 +13,7 @@ A variety of options give finer control over the security of KaTeX
 with untrusted inputs; refer to [Options](options.md) for more details.
 * `maxSize` can prevent large width/height visual affronts.
 * `maxExpand` can prevent infinite macro loop attacks.
-* `trust` can allow certain commands that are not always safe (e.g., `\includegraphics`)
+* `trust` can allow certain commands that may load external resources or change HTML attributes and thus are not always safe (e.g., `\includegraphics` or `\htmlClass`)

 The error message thrown by KaTeX may contain unescaped LaTeX source code.
 See [Handling Errors](error.md) for more details.