mirror of
https://github.com/Smaug123/KaTeX
synced 2025-10-10 05:28:41 +00:00
49f84f76e7
* Remove RC-versioned docs * Release v0.10.0 Bump master to v0.10.1-pre * Fix multiple occuring hash replacement * Update SRI hashes * Update CHANGELOG.md * Fix tags not shown * Update docusaurus * Wrap escaping backslashes with backticks * Update SRI hashes * Update CHANGELOG.md
22 lines
819 B
Markdown
22 lines
819 B
Markdown
---
|
|
id: version-0.10.0-security
|
|
title: Security
|
|
original_id: security
|
|
---
|
|
Any HTML generated by KaTeX *should* be safe from `<script>` or other code
|
|
injection attacks.
|
|
|
|
Of course, it is always a good idea to sanitize the HTML, though you will need
|
|
a rather generous whitelist (including some of SVG and MathML) to support
|
|
all of KaTeX.
|
|
|
|
Use `maxSize` option for preventing large width/height visual affronts,
|
|
use `maxExpand` for preventing infinite macro loop attacks, and
|
|
use `allowedProtocols` for preventing certain protocols in `\href`. Please
|
|
refer to [Options](options.md) for more details.
|
|
|
|
The error message thrown by KaTeX may contain unescaped LaTeX source code.
|
|
See [Handling Errors](error.md) for more details.
|
|
|
|
> If you discovered a security issue, please let us know via https://hackerone.com/khanacademy
|