patrick/KaTeX
1
0
Fork 0
mirror of https://github.com/Smaug123/KaTeX synced 2025-10-14 07:18:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c52d3bee700bb22814bfad71f6cf6bc40831c953
KaTeX/website/versioned_docs/version-0.10.0-rc.1/security.md
ylemkimon 7ca6f51b9a Release v0.10.0-rc.1 (#1654) 
Bump master to v0.10.0-pre
2018-08-23 02:42:24 +09:00

22 lines
824 B
Markdown
Raw Blame History

---
id: version-0.10.0-rc.1-security
title: Security
original_id: security
---
Any HTML generated by KaTeX *should* be safe from `<script>` or other code
injection attacks.
Of course, it is always a good idea to sanitize the HTML, though you will need
a rather generous whitelist (including some of SVG and MathML) to support
all of KaTeX.
Use `maxSize` option for preventing large width/height visual affronts,
use `maxExpand` for preventing infinite macro loop attacks, and
use `allowedProtocols` for preventing certain protocols in `\href`. Please
refer to [Options](options.md) for more details.
The error message thrown by KaTeX may contain unescaped LaTeX source code.
See [Handling Errors](error.md) for more details.
> If you discovered a security issue, please let us know via https://hackerone.com/khanacademy
Reference in New Issue View Git Blame Copy Permalink