Merge pull request #3879 from overleaf/jel-ja-wiki-mathjax

Fix learn wiki XSS

GitOrigin-RevId: 3964b2eaf56ef57ec34e4cdd3e683dd36f9eae6e
Jessica Lawshe 2021-04-08 09:26:13 -05:00 committed by Copybot
parent 2cb709161e
commit 5220198991


@ -8,15 +8,6 @@ export default App.directive('mathjax', function($compile, $parse) {
link(scope, element, attrs) { link(scope, element, attrs) {
if (!(MathJax && MathJax.Hub)) return if (!(MathJax && MathJax.Hub)) return
// Allowing HTML can be unsafe unless using something like
// `ng-bind-html` because of potential Angular XSS via {{/}}
if (!$parse(attrs.mathjaxAllowHtml)(scope)) {
const mathJaxContents = element.html()
const nonBindableEl = $compile('<span ng-non-bindable></span>')({})
element.html('').append(nonBindableEl)
nonBindableEl.html(mathJaxContents)
}
if (attrs.delimiter !== 'no-single-dollar') { if (attrs.delimiter !== 'no-single-dollar') {
const inlineMathConfig = const inlineMathConfig =
MathJax.Hub.config && MathJax.Hub.config.tex2jax.inlineMath MathJax.Hub.config && MathJax.Hub.config.tex2jax.inlineMath