Allow only allowed protocols in \href (#1440)

* Allow only allowed protocols in \href

Added `allowedProtocols` settings

* Fix a typo

* Allow boolean argument

* Allow wildcard(*) argument

Revert 'Allow boolean argument'
ylemkimon
2018-06-28 08:51:12 +09:00
committed by Erik Demaine
parent 8621f5b76a
commit a8015d0feb
4 changed files with 32 additions and 2 deletions


@@ -2468,6 +2468,23 @@ describe("An href command", function() {
const markup = katex.renderToString("\\href{http://example.com/}{example here}");
expect(markup).toContain("<a href=\"http://example.com/\">");
});
it("should allow protocols in allowedProtocols", function() {
expect("\\href{relative}{foo}").toParse();
expect("\\href{ftp://x}{foo}").toParse(new Settings({
allowedProtocols: ["ftp"],
}));
expect("\\href{ftp://x}{foo}").toParse(new Settings({
allowedProtocols: ["*"],
}));
});
it("should not allow protocols not in allowedProtocols", function() {
expect("\\href{javascript:alert('x')}{foo}").toNotParse();
expect("\\href{relative}{foo}").toNotParse(new Settings({
allowedProtocols: [],
}));
});
});
describe("A parser that does not throw on unsupported commands", function() {
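Review bot: The negative case in `should not allow protocols not in allowedProtocols` pins only the exact lowercase `javascript:` spelling, so a protocol check that compares case-sensitively would still pass this test. URL schemes are case-insensitive, so the same `it` block should add a mixed-case variant and one more scheme outside the defaults, for example `expect("\\href{JavaScript:alert('x')}{foo}").toNotParse();` and `expect("\\href{data:text/html,x}{foo}").toNotParse();`. The `allowedProtocols: ["*"]` case checks only `ftp`, but the wildcard presumably admits every scheme. A comment there such as `// "*" turns protocol filtering off; use only with trusted input` would make that trade-off explicit. The enclosing `describe("An href command", ...)` starts outside the hunk, so existing coverage of these cases cannot be ruled out from here.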