Release v0.10.0-rc.1 (#1654)

Bump master to v0.10.0-pre
2025-10-13 15:08:39 +00:00 · 2018-08-23 02:42:24 +09:00
parent 7bc15d4d76
commit 7ca6f51b9a
22 changed files with 83 additions and 83 deletions
--- a/website/versioned_docs/version-0.10.0-rc.1/error.md
+++ b/website/versioned_docs/version-0.10.0-rc.1/error.md
@@ -0,0 +1,36 @@
+---
+id: version-0.10.0-rc.1-error
+title: Handling Errors
+original_id: error
+---
+If KaTeX encounters an error (invalid or unsupported LaTeX) and `throwOnError`
+hasn't been set to `false`, then `katex.render` and `katex.renderToString`
+will throw an exception of type `katex.ParseError`.
+The message in this error includes some of the LaTeX source code,
+so needs to be escaped if you want to render it to HTML.  For example:
+
+```js
+try {
+    var html = katex.renderToString(texString);
+    // '<span class="katex">...</span>'
+} catch (e) {
+    if (e instanceof katex.ParseError) {
+        // KaTeX can't parse the expression
+        html = ("Error in LaTeX '" + texString + "': " + e.message)
+            .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    } else {
+        throw e;  // other error
+    }
+}
+```
+
+In particular, you should convert `&`, `<`, `>` characters to
+`&amp;`, `&lt;`, `&gt;` before including either LaTeX source code or
+exception messages in your HTML/DOM.
+(This can also be done using `_.escape`.)
+Failure to escape in this way makes a `<script>` injection attack possible
+if your LaTeX source is untrusted.
+
+Alternatively, you can set `throwOnError` to `false` to use built-in behavior
+of rendering the LaTeX source code with hover text stating the error.
+See [rendering options](options.md).