KaTeX/docs/security.md
ylemkimon 8a38035855 KaTeX website & documentation (#1484)
* website/docs: initial commit

* Change secondaryColor

* Fix index.css not being copied and included on global stylesheet

* Fix stylesheet link

[skip ci]

* Change documentation link to API(Usage)

[skip ci]

* Add `Libraries` in usage

[skip ci]

* Remove documentation from `README.md` and add link to the site

[skip ci]

* Use KaTeX in the parent directory to build Markdown

[skip ci]

* Revise function support page. Avoid error msgs.

* General edit to function support page
2018-07-26 20:19:40 -07:00

id: security
title: Security

Any HTML generated by KaTeX should be safe from `<script>` or other code injection attacks. (See `maxSize` below for preventing large width/height visual affronts, `maxExpand` below for preventing infinite macro loop attacks, and `allowedProtocols` below for preventing certain protocols in `\href`.)

Of course, it is always a good idea to sanitize the HTML, though you will need a rather generous whitelist (including some of SVG and MathML) to support all of KaTeX.
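
As an added example (not part of the KaTeX documentation or code base), the wrapper below applies the three options named above when rendering untrusted input and falls back to escaped source text when rendering fails. The limit values, the `http`/`https` protocol list, the `maxLength` parameter and the names `renderUntrusted` and `escapeHtml` are assumptions made for illustration.

```javascript
// Added example: options for rendering untrusted TeX. Limit values are assumptions.
const UNTRUSTED_OPTIONS = Object.freeze({
  maxSize: 10,         // largest user-specified size, in em (see maxSize)
  maxExpand: 100,      // cap on macro expansions (see maxExpand)
  throwOnError: true,  // fail closed; the caller shows a text fallback
});
const ALLOWED_PROTOCOLS = ["http", "https"]; // protocols permitted in \href

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// `katex` is passed in (for example require("katex")) so the wrapper has no
// hidden global dependency. `maxLength` is a hypothetical input-size limit.
function renderUntrusted(katex, tex, maxLength = 2000) {
  if (typeof tex !== "string") {
    return { ok: false, html: "" };
  }
  if (tex.length > maxLength) {
    // Oversized input never reaches the parser.
    return { ok: false, html: escapeHtml(tex.slice(0, maxLength)) };
  }
  try {
    const html = katex.renderToString(tex, {
      ...UNTRUSTED_OPTIONS,
      allowedProtocols: [...ALLOWED_PROTOCOLS], // fresh array per call
    });
    return { ok: true, html };
  } catch (err) {
    // Errors thrown by KaTeX (parse errors, expansion limit exceeded) land
    // here: show the source as escaped text instead of partial markup.
    return { ok: false, html: escapeHtml(tex) };
  }
}
```

The returned `html` can still be passed through an HTML sanitizer before insertion into the page. Later KaTeX releases replaced `allowedProtocols` with a `trust` option, so check the option names against the version you deploy.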

If you discover a security issue, please let us know via https://hackerone.com/khanacademy.