Skip to content

Commit

Permalink
modified: Change dependencies. (#49)
Browse files Browse the repository at this point in the history
* modified: Move katex script into local git repo.

This will enable GitHub Action to generate correct relase archive.

* modified: Update dependencies.

- Remove `markdown-it-katex` since it's no longer needed.
- Directly add `katex` as dependency.
  • Loading branch information
nfnfgo authored Jul 3, 2024
1 parent d89c797 commit cad2bd4
Showing 6 changed files with 162 additions and 38,305 deletions.
10 changes: 4 additions & 6 deletions docs/dev/html_entities_handling.md
Original file line number Diff line number Diff line change
@@ -24,13 +24,13 @@ When HTML rendering enabled, all HTML Entities will be unescaped at the beginnin

Finally, using `DOMPurify.sanitize()` to filter all possible malicious tags, then rendering content back to message box.

# Latex Rendering with HTML Entities
# LaTeX Rendering with HTML Entities

Version `<=1.1.0` may experience rendering issue when Inline Latex and Latex Block which contains HTML Entities. The reason is same as above: HTML Entities has been escaped.

In above when solving Fenced Code Rendering issue, we manually unescaped HTML Entities in function that passed to `highlight`. However there is no any method we could "plug-in" our code to MarkdownIt Katex plugin.

One possible method (not so elegant though) is to apply some mild changes to `katex` plugin itself as below:
To solve this, we need to use a mild modified version of `markdown-it-katex`, the midification has been described below:

```js
// Add this function to katex/index.js
@@ -74,11 +74,9 @@ var katexBlock = function (latex) {
}
```

In case that latex has been rendered successfully, all possible HTML Entities has been converted to latex span.
In case that latex has been rendered successfully, all possible HTML Entities has been converted to latex span. And wzhen error occurred while rendering latex, the raw info will go through `escapeHtml()` before rendering, so in both case there is no XSS vulnurability.

When error occurred while rendering latex, the raw info will go through `escapeHtml()` before rendering, so in both case there is no XSS vulnurability.

> You don't need to do anything if you are user of thie plugin since all changes has been bundled into `dist/renderer.js`. However if you are going to develop this plugin, remember to manually apply changes above into `@traptitech/katex` package.
The relavant script has been directly added to this git repo now as `src/lib/markdown-it-katex.js`.

# Inline Code Rendering with HTML Entities

93 changes: 5 additions & 88 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 1 addition & 3 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
{
"dependencies": {
"@traptitech/markdown-it-katex": "^3.6.0",
"dompurify": "^3.1.5",
"highlight.js": "^11.9.0",
"idb-keyval": "^6.2.1",
"immer": "^10.1.1",
"katex": "^0.16.10",
"markdown-it": "^14.1.0",
"markdown-it-pangu": "^1.0.2",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"zustand": "^4.5.4"
Loading

0 comments on commit cad2bd4

Please sign in to comment.