KaTeX/website/versioned_docs/version-0.10.0/security.md
ylemkimon 49f84f76e7 v0.10.0 release (#1751)
* Remove RC-versioned docs

* Release v0.10.0

Bump master to v0.10.1-pre

* Fix multiple occurring hash replacement

* Update SRI hashes

* Update CHANGELOG.md

* Fix tags not shown

* Update docusaurus

* Wrap escaping backslashes with backticks

* Update SRI hashes

* Update CHANGELOG.md
2018-10-29 13:14:24 +09:00

819 B

| id | title | original_id |
| --- | --- | --- |
| version-0.10.0-security | Security | security |

Any HTML generated by KaTeX should be safe from `<script>` or other code injection attacks.

Of course, it is always a good idea to sanitize the HTML, though you will need a rather generous whitelist (including some of SVG and MathML) to support all of KaTeX.

Use the `maxSize` option to prevent large width/height visual affronts, use `maxExpand` to prevent infinite macro loop attacks, and use `allowedProtocols` to prevent certain protocols in `\href`. Please refer to Options for more details.

The error message thrown by KaTeX may contain unescaped LaTeX source code. See Handling Errors for more details.
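The following is an added example, not code from the KaTeX project: a wrapper that renders untrusted input with the three options above and HTML-escapes any thrown error message before it reaches the page. The option values, the names `renderUntrusted`, `escapeHtml` and `stubKatex`, and the `math-error` class are assumptions; `stubKatex` is a constructed stand-in so the block runs offline, and in real use you pass the `katex` module instead.

```javascript
// Options named on this page; the values are illustrative assumptions.
const UNTRUSTED_OPTIONS = {
  throwOnError: true,                  // surface errors so we control how they are shown
  maxSize: 10,                         // cap user-specified sizes, in ems
  maxExpand: 100,                      // cap macro expansions to stop runaway loops
  allowedProtocols: ["http", "https"], // protocols permitted in \href
};

// Escape text for insertion into HTML element content or quoted attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// `katex` is the KaTeX module, or any object exposing renderToString(tex, options).
function renderUntrusted(katex, tex) {
  try {
    return katex.renderToString(tex, { ...UNTRUSTED_OPTIONS });
  } catch (err) {
    // The message may echo the raw LaTeX source, so escape it before embedding.
    const msg = err && err.message ? err.message : "render failed";
    return '<span class="math-error">' + escapeHtml(msg) + "</span>";
  }
}

// Constructed stand-in for KaTeX (assumption): throws an error that echoes the
// source, which is the behaviour the page warns about for error messages.
const stubKatex = {
  renderToString(tex, options) {
    if (tex.includes("\\bad")) {
      throw new Error("KaTeX parse error: Undefined control sequence: " + tex);
    }
    return '<span class="katex">' + escapeHtml(tex) + "</span>";
  },
};
```

The sanitizer step mentioned above still applies to the returned HTML; this wrapper only covers the options and the error path.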

If you discover a security issue, please let us know via https://hackerone.com/khanacademy