mirror of
https://github.com/Smaug123/KaTeX
synced 2025-10-11 05:58:40 +00:00
KaTeX website & documentation (#1484)
* website/docs: initial commit
* Change secondaryColor
* Fix index.css not being copied and included on global stylesheet
* Fix stylesheet link [skip ci]
* Change documentation link to API(Usage) [skip ci]
* Add `Libraries` in usage [skip ci]
* Remove documentation from `README.md` and add link to the site [skip ci]
* Use KaTeX in the parent directory to build Markdown [skip ci]
* Revise function support page. Avoid error msgs.
* General edit to function support page
committed by
Kevin Barabash
parent
83e8eac0a5
commit
8a38035855
15
docs/security.md
Normal file
@@ -0,0 +1,15 @@
|
||||
---
|
||||
id: security
|
||||
title: Security
|
||||
---
|
||||
Any HTML generated by KaTeX *should* be safe from `<script>` or other code
|
||||
injection attacks.
|
||||
(See `maxSize` below for preventing large width/height visual affronts,
|
||||
see `maxExpand` below for preventing infinite macro loop attacks, and
|
||||
see `allowedProtocols` below for preventing certain protocols in `\href`)
|
||||
|
||||
Of course, it is always a good idea to sanitize the HTML, though you will need
|
||||
a rather generous whitelist (including some of SVG and MathML) to support
|
||||
all of KaTeX.
|
||||
|
||||
> If you discovered a security issue, please let us know via https://hackerone.com/khanacademy
|
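Review bot: The three "below" references in the parenthetical (`maxSize`, `maxExpand`, `allowedProtocols`) point at nothing, because this new file is 15 lines long and ends with the HackerOne notice without describing any of those options. Replace "below" with links to the page where the options are documented, and say in a few words what each one limits so a reader who lands here knows which to set when rendering untrusted input. The sanitization paragraph would also be more usable if it listed the tags and attributes the "rather generous whitelist" has to allow, since "some of SVG and MathML" leaves integrators to find them by trial and error.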