katex 0.16.20 → 0.16.22

package/dist/katex.mjs

@@ -3942,10 +3942,20 @@ var toNode = function toNode(tagName) {
   return node;
 };
 /**
- * Convert into an HTML markup string
+ * https://w3c.github.io/html-reference/syntax.html#syntax-attributes
+ *
+ * > Attribute Names must consist of one or more characters
+ * other than the space characters, U+0000 NULL,
+ * '"', "'", ">", "/", "=", the control characters,
+ * and any characters that are not defined by Unicode.
  */
 
 
+var invalidAttributeNameRegex = /[\s"'>/=\x00-\x1f]/;
+/**
+ * Convert into an HTML markup string
+ */
+
 var toMarkup = function toMarkup(tagName) {
   var markup = "<" + tagName; // Add the class
 
@@ -3968,6 +3978,10 @@ var toMarkup = function toMarkup(tagName) {
 
   for (var attr in this.attributes) {
     if (this.attributes.hasOwnProperty(attr)) {
+      if (invalidAttributeNameRegex.test(attr)) {
+        throw new ParseError("Invalid attribute name '" + attr + "'");
+      }
+
       markup += " " + attr + "=\"" + utils.escape(this.attributes[attr]) + "\"";
     }
   }
@@ -5087,7 +5101,7 @@ defineSymbol(text, main, accent, "\u02da", "\\r"); // ring above
 
 defineSymbol(text, main, accent, "\u02c7", "\\v"); // caron
 
-defineSymbol(text, main, accent, "\u00a8", '\\"'); // diaresis
+defineSymbol(text, main, accent, "\u00a8", '\\"'); // diaeresis
 
 defineSymbol(text, main, accent, "\u02dd", "\\H"); // double acute
 
@@ -13838,7 +13852,8 @@ defineFunction({
   names: ["\\relax"],
   props: {
     numArgs: 0,
-    allowedInText: true
+    allowedInText: true,
+    allowedInArgument: true
   },
 
   handler(_ref) {
@@ -14464,7 +14479,7 @@ defineFunctionBuilders({
   },
 
   mathmlBuilder(group, options) {
-    // Is the inner group a relevant horizonal brace?
+    // Is the inner group a relevant horizontal brace?
     var isBrace = false;
     var isOver;
     var isSup;
@@ -17373,6 +17388,7 @@ class Parser {
       if (!atom) {
         break;
       } else if (atom.type === "internal") {
+        // Internal nodes do not appear in parse tree
         continue;
       }
 
@@ -17459,8 +17475,15 @@ class Parser {
     var symbol = symbolToken.text;
     this.consume();
     this.consumeSpaces(); // ignore spaces before sup/subscript argument
+    // Skip over allowed internal nodes such as \relax
+
+    var group;
+
+    do {
+      var _group;
 
-    var group = this.parseGroup(name);
+      group = this.parseGroup(name);
+    } while (((_group = group) == null ? void 0 : _group.type) === "internal");
 
     if (!group) {
       throw new ParseError("Expected group after '" + symbol + "'", symbolToken);
@@ -17506,7 +17529,13 @@ class Parser {
   parseAtom(breakOnTokenText) {
     // The body of an atom is an implicit group, so that things like
     // \left(x\right)^2 work correctly.
-    var base = this.parseGroup("atom", breakOnTokenText); // In text mode, we don't have superscripts or subscripts
+    var base = this.parseGroup("atom", breakOnTokenText); // Internal nodes (e.g. \relax) cannot support super/subscripts.
+    // Instead we will pick up super/subscripts with blank base next round.
+
+    if ((base == null ? void 0 : base.type) === "internal") {
+      return base;
+    } // In text mode, we don't have superscripts or subscripts
+
 
     if (this.mode === "text") {
       return base;
@@ -17793,13 +17822,13 @@ class Parser {
             throw new ParseError("A primitive argument cannot be optional");
           }
 
-          var _group = this.parseGroup(name);
+          var _group2 = this.parseGroup(name);
 
-          if (_group == null) {
+          if (_group2 == null) {
             throw new ParseError("Expected group as " + name, this.fetch());
           }
 
-          return _group;
+          return _group2;
         }
 
       case "original":
@@ -18416,7 +18445,7 @@ var renderToHTMLTree = function renderToHTMLTree(expression, options) {
   }
 };
 
-var version = "0.16.20";
+var version = "0.16.22";
 var __domTree = {
   Span,
   Anchor,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "katex",
-  "version": "0.16.20",
+  "version": "0.16.22",
   "description": "Fast math typesetting for the web.",
   "main": "dist/katex.js",
   "exports": {

package/src/Parser.js

@@ -211,6 +211,7 @@ export default class Parser {
             if (!atom) {
                 break;
             } else if (atom.type === "internal") {
+                // Internal nodes do not appear in parse tree
                 continue;
             }
             body.push(atom);
@@ -286,7 +287,12 @@ export default class Parser {
         const symbol = symbolToken.text;
         this.consume();
         this.consumeSpaces(); // ignore spaces before sup/subscript argument
-        const group = this.parseGroup(name);
+
+        // Skip over allowed internal nodes such as \relax
+        let group: ?AnyParseNode;
+        do {
+            group = this.parseGroup(name);
+        } while (group?.type === "internal");
 
         if (!group) {
             throw new ParseError(
@@ -333,6 +339,12 @@ export default class Parser {
         // \left(x\right)^2 work correctly.
         const base = this.parseGroup("atom", breakOnTokenText);
 
+        // Internal nodes (e.g. \relax) cannot support super/subscripts.
+        // Instead we will pick up super/subscripts with blank base next round.
+        if (base?.type === "internal") {
+            return base;
+        }
+
         // In text mode, we don't have superscripts or subscripts
         if (this.mode === "text") {
             return base;

package/src/domTree.js

@@ -17,6 +17,7 @@ import {path} from "./svgGeometry";
 import type Options from "./Options";
 import {DocumentFragment} from "./tree";
 import {makeEm} from "./units";
+import ParseError from "./ParseError";
 
 import type {VirtualNode} from "./tree";
 
@@ -83,6 +84,16 @@ const toNode = function(tagName: string): HTMLElement {
     return node;
 };
 
+/**
+ * https://w3c.github.io/html-reference/syntax.html#syntax-attributes
+ *
+ * > Attribute Names must consist of one or more characters
+ * other than the space characters, U+0000 NULL,
+ * '"', "'", ">", "/", "=", the control characters,
+ * and any characters that are not defined by Unicode.
+ */
+const invalidAttributeNameRegex = /[\s"'>/=\x00-\x1f]/;
+
 /**
  * Convert into an HTML markup string
  */
@@ -110,6 +121,9 @@ const toMarkup = function(tagName: string): string {
     // Add the attributes
     for (const attr in this.attributes) {
         if (this.attributes.hasOwnProperty(attr)) {
+            if (invalidAttributeNameRegex.test(attr)) {
+                throw new ParseError(`Invalid attribute name '${attr}'`);
+            }
             markup += ` ${attr}="${utils.escape(this.attributes[attr])}"`;
         }
     }

package/src/functions/relax.js

@@ -7,6 +7,7 @@ defineFunction({
     props: {
         numArgs: 0,
         allowedInText: true,
+        allowedInArgument: true,
     },
     handler({parser}) {
         return {

package/src/functions/supsub.js

@@ -192,7 +192,7 @@ defineFunctionBuilders({
             options);
     },
     mathmlBuilder(group, options) {
-        // Is the inner group a relevant horizonal brace?
+        // Is the inner group a relevant horizontal brace?
         let isBrace = false;
         let isOver;
         let isSup;

package/src/symbols.js

@@ -711,7 +711,7 @@ defineSymbol(text, main, accent, "\u02d9", "\\."); // dot above
 defineSymbol(text, main, accent, "\u00b8", "\\c"); // cedilla
 defineSymbol(text, main, accent, "\u02da", "\\r"); // ring above
 defineSymbol(text, main, accent, "\u02c7", "\\v"); // caron
-defineSymbol(text, main, accent, "\u00a8", '\\"'); // diaresis
+defineSymbol(text, main, accent, "\u00a8", '\\"'); // diaeresis
 defineSymbol(text, main, accent, "\u02dd", "\\H"); // double acute
 defineSymbol(text, main, accent, "\u25ef", "\\textcircled"); // \bigcirc glyph