The indent was to fix the XSS in display.latex
function. However, while reworking the pull request, the original line didn't get removed, still leaving the XSS vulnerability.
Thanks for the patience with my PRs. I introduced the error in the previous PR #48 when handling the difference between our local patched version and this upstream repo =(.
The indent was to fix the XSS in display.latex function. However, while reworking the pull request, the original line didn't get removed, still leaving the XSS vulnerability.
Remove the .innerHTML as intended