Closed dpikt closed 5 years ago
Thanks for reporting @dpikt.
I'll get to it as soon as I can and sanitize the math source before adding it to the DOM. You can beat me to it with a PR of course 😉
@dpikt it turns out it is not that easy a task. Sanitizing the input will break MathML rendering. I'm looking for a better solution.
@dpikt I used DOMPurify to sanitize the inputs. The problem should not happen again.
I was using this component to render some user input - I didn't realize it was using `innerHTML` under the hood 😱 For example, you can enter the following into the demo:
This is bad news.
I'm not sure if there's a way around this with the way this component currently renders Mathjax, but it should certainly be documented if it's a necessary consideration in using the component.
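The thread's trade-off (escaping protects the `innerHTML` sink but breaks MathML) can be handled by treating the two input formats differently. The sketch below is an added example, not the component's code or the maintainer's DOMPurify fix; `prepareMathSource`, `escapeHtml`, `decodeHtml` and the `sanitizeMathML` callback are hypothetical names, and it assumes MathJax reads TeX from the element's text once the escaped string is parsed.

```javascript
// Added example: helper names are hypothetical, not the component's API.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character the HTML parser would treat as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Inverse of escapeHtml. Stands in for the browser turning the escaped
// string into a text node; used only to show the TeX source survives intact.
function decodeHtml(text) {
  const reverse = Object.fromEntries(
    Object.entries(HTML_ESCAPES).map(([ch, entity]) => [entity, ch])
  );
  return text.replace(/&(?:amp|lt|gt|quot|#39);/g, (entity) => reverse[entity]);
}

// Build the string that is safe to assign to innerHTML.
//  - "tex": TeX is plain text, so it is escaped wholesale. No tag can survive,
//    and characters such as "<" in "a < b" still reach MathJax unchanged.
//  - "mathml": the markup itself is the input, so escaping would break it.
//    It must go through an allow-list sanitizer supplied by the caller, for
//    example (s) => DOMPurify.sanitize(s, { USE_PROFILES: { mathMl: true } }).
//    With no sanitizer the function fails closed instead of passing raw markup.
function prepareMathSource(source, format, sanitizeMathML) {
  if (format === "tex") {
    return escapeHtml(source);
  }
  if (format === "mathml") {
    if (typeof sanitizeMathML !== "function") {
      throw new Error("MathML input requires an allow-list sanitizer");
    }
    return sanitizeMathML(String(source));
  }
  throw new Error("unknown math format: " + format);
}

// Constructed sample input: ordinary TeX followed by injected markup.
const texWithMarkup = 'a < b \\& c > d <img src=x onerror="alert(1)">';
console.log(prepareMathSource(texWithMarkup, "tex"));
```

Where the component controls the element directly, assigning TeX through `textContent` instead of `innerHTML` gives the same result without an escaping step.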