katex 0.16.20 → 0.16.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/contrib/copy-tex/README.md +2 -2
- package/contrib/mathtex-script-type/README.md +5 -5
- package/contrib/mhchem/README.md +1 -1
- package/dist/README.md +3 -3
- package/dist/katex.css +1 -1
- package/dist/katex.js +17 -2
- package/dist/katex.min.css +1 -1
- package/dist/katex.min.js +1 -1
- package/dist/katex.mjs +16 -2
- package/package.json +1 -1
- package/src/domTree.js +14 -0
package/dist/katex.mjs
CHANGED
|
@@ -3942,10 +3942,20 @@ var toNode = function toNode(tagName) {
|
|
|
3942
3942
|
return node;
|
|
3943
3943
|
};
|
|
3944
3944
|
/**
|
|
3945
|
-
*
|
|
3945
|
+
* https://w3c.github.io/html-reference/syntax.html#syntax-attributes
|
|
3946
|
+
*
|
|
3947
|
+
* > Attribute Names must consist of one or more characters
|
|
3948
|
+
* other than the space characters, U+0000 NULL,
|
|
3949
|
+
* '"', "'", ">", "/", "=", the control characters,
|
|
3950
|
+
* and any characters that are not defined by Unicode.
|
|
3946
3951
|
*/
|
|
3947
3952
|
|
|
3948
3953
|
|
|
3954
|
+
var invalidAttributeNameRegex = /[\s"'>/=\x00-\x1f]/;
|
|
3955
|
+
/**
|
|
3956
|
+
* Convert into an HTML markup string
|
|
3957
|
+
*/
|
|
3958
|
+
|
|
3949
3959
|
var toMarkup = function toMarkup(tagName) {
|
|
3950
3960
|
var markup = "<" + tagName; // Add the class
|
|
3951
3961
|
|
|
@@ -3968,6 +3978,10 @@ var toMarkup = function toMarkup(tagName) {
|
|
|
3968
3978
|
|
|
3969
3979
|
for (var attr in this.attributes) {
|
|
3970
3980
|
if (this.attributes.hasOwnProperty(attr)) {
|
|
3981
|
+
if (invalidAttributeNameRegex.test(attr)) {
|
|
3982
|
+
throw new ParseError("Invalid attribute name '" + attr + "'");
|
|
3983
|
+
}
|
|
3984
|
+
|
|
3971
3985
|
markup += " " + attr + "=\"" + utils.escape(this.attributes[attr]) + "\"";
|
|
3972
3986
|
}
|
|
3973
3987
|
}
|
|
@@ -18416,7 +18430,7 @@ var renderToHTMLTree = function renderToHTMLTree(expression, options) {
|
|
|
18416
18430
|
}
|
|
18417
18431
|
};
|
|
18418
18432
|
|
|
18419
|
-
var version = "0.16.
|
|
18433
|
+
var version = "0.16.21";
|
|
18420
18434
|
var __domTree = {
|
|
18421
18435
|
Span,
|
|
18422
18436
|
Anchor,
|
package/package.json
CHANGED
package/src/domTree.js
CHANGED
|
@@ -17,6 +17,7 @@ import {path} from "./svgGeometry";
|
|
|
17
17
|
import type Options from "./Options";
|
|
18
18
|
import {DocumentFragment} from "./tree";
|
|
19
19
|
import {makeEm} from "./units";
|
|
20
|
+
import ParseError from "./ParseError";
|
|
20
21
|
|
|
21
22
|
import type {VirtualNode} from "./tree";
|
|
22
23
|
|
|
@@ -83,6 +84,16 @@ const toNode = function(tagName: string): HTMLElement {
|
|
|
83
84
|
return node;
|
|
84
85
|
};
|
|
85
86
|
|
|
87
|
+
/**
|
|
88
|
+
* https://w3c.github.io/html-reference/syntax.html#syntax-attributes
|
|
89
|
+
*
|
|
90
|
+
* > Attribute Names must consist of one or more characters
|
|
91
|
+
* other than the space characters, U+0000 NULL,
|
|
92
|
+
* '"', "'", ">", "/", "=", the control characters,
|
|
93
|
+
* and any characters that are not defined by Unicode.
|
|
94
|
+
*/
|
|
95
|
+
const invalidAttributeNameRegex = /[\s"'>/=\x00-\x1f]/;
|
|
96
|
+
|
|
86
97
|
/**
|
|
87
98
|
* Convert into an HTML markup string
|
|
88
99
|
*/
|
|
@@ -110,6 +121,9 @@ const toMarkup = function(tagName: string): string {
|
|
|
110
121
|
// Add the attributes
|
|
111
122
|
for (const attr in this.attributes) {
|
|
112
123
|
if (this.attributes.hasOwnProperty(attr)) {
|
|
124
|
+
if (invalidAttributeNameRegex.test(attr)) {
|
|
125
|
+
throw new ParseError(`Invalid attribute name '${attr}'`);
|
|
126
|
+
}
|
|
113
127
|
markup += ` ${attr}="${utils.escape(this.attributes[attr])}"`;
|
|
114
128
|
}
|
|
115
129
|
}
|