
fix(markmap-lib): escape katex content when katex not loaded #335

Open
FrigonZ wants to merge 1 commit into markmap:master from FrigonZ:fix/katex-xss

FrigonZ commented Aug 8, 2025


fix: escape katex content when katex not loaded to prevent xss

When KaTeX is not yet loaded (window.katex undefined), math content would be rendered as raw HTML, creating potential XSS vulnerabilities from malicious formulas. This fix ensures the content is properly escaped when KaTeX is unavailable.
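The fallback this PR describes, as an added example that is not code from the pull request or from markmap-lib: the unescaped fallback next to an escaped one. The function names, the sample formula and the stand-in KaTeX objects are assumptions, and `katex` is passed in as a parameter instead of being read from `window.katex` so the block runs outside a browser.

```javascript
// Added example; function names are hypothetical, not markmap-lib's own.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out into markup or attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour the PR describes as the problem: with KaTeX absent, the formula
// source is returned untouched and later inserted into the page as HTML.
function renderMathUnsafe(source, katex) {
  if (katex) return katex.renderToString(source, { throwOnError: false });
  return source;
}

// Hardened fallback: anything KaTeX did not render is escaped first.
function renderMathSafe(source, katex) {
  if (katex && typeof katex.renderToString === 'function') {
    try {
      return katex.renderToString(source, { throwOnError: false });
    } catch (err) {
      return escapeHtml(source); // renderer failed: still never emit raw input
    }
  }
  return escapeHtml(source); // KaTeX not loaded yet
}

// Constructed sample input: a "formula" carrying markup.
const SAMPLE_FORMULA = 'a < b <img src=x onerror="alert(1)">';

// Constructed stand-ins for window.katex, so the example runs outside a browser.
const fakeKatex = { renderToString: (tex) => `<span class="katex">${escapeHtml(tex)}</span>` };
const brokenKatex = { renderToString: () => { throw new Error('render failed'); } };

console.log('no katex, unsafe:', renderMathUnsafe(SAMPLE_FORMULA, undefined));
console.log('no katex, safe:  ', renderMathSafe(SAMPLE_FORMULA, undefined));
console.log('katex loaded:    ', renderMathSafe('a < b', fakeKatex));
console.log('katex throws:    ', renderMathSafe(SAMPLE_FORMULA, brokenKatex));
```
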
