KaTeX support #174
using composition api / setup sugar / my main concern is the use of v-html, this could end up with an xss if used improperly. i wonder if there's a pre-existing katex component for vue we could use?
so i couldn't find any prebuilt component (the ones i did find seem to be for older versions of vue and/or unmaintained) i did stumble upon https://katex.org/docs/security though, which seems to imply katex seems to care about security so as long as we keep it up to date it should be Relatively Fine™ i would recommend explicitly setting trust to false though. it's the default sure but being explicit won't hurt
throwOnError: false, | ||
} as any); | ||
return this.block | ||
? `<div style="text-align:center">${katexString}</div>` |
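Review bot: The `} as any` cast on the options object closes off type checking for every KaTeX option passed in this call, so a mistyped or unsafe setting would compile without complaint. Type the object as `KatexOptions` instead of casting, and since the value returned on the next lines is assembled as a raw HTML string, set `trust: false` explicitly beside `throwOnError: false` so the safe default is visible at the call site.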
i feel like this would be better as part of the vue template instead of being inline html, with text-align:center applied via <style> instead of being inline
I agree with each statement made by kopper here. Also the fact that it's split into two components seems redundant when one component is literally just there for one small task that can all be accomplished in one single file.
Is there anything stopping us from just running HTML sanitization on all KaTeX embeds? I don't think performance would be an issue, since I doubt math expressions are that common
throwOnError: false, | ||
} as any); | ||
return this.block | ||
? `<div style="text-align:center">${katexString}</div>` |
Some kind of simple HTML sanitization could be made here, depending on what KaTeX renders to you might be able to just drop all non-math HTML tags and their attributes
depending on how heavy katex is as a library it does make sense to load it asynchronously for tree shaking purposes (as i don't imagine it being something that'll be used often enough) it may be possible to use a single component and import it asynchronously there, though i'm not sure how difficult that would be
You just simply make an async function; a lot of stuff misskey does is already done with async in mind.
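A single-file sketch of what the review comments above ask for (explicit `trust: false`, the wrapper in the template, centering via `<style>`, one component instead of two), added here as an illustration and not code from this PR. The `formula` prop name and the `formula-block` class are assumptions; `block` follows the `this.block` seen in the diff.

```vue
<script setup lang="ts">
import { computed } from 'vue';
import katex from 'katex';
import type { KatexOptions } from 'katex';

// Assumed prop names: `formula` is hypothetical, `block` mirrors the diff.
const props = defineProps<{
	formula: string;
	block?: boolean;
}>();

// Typed options instead of `as any`, so a misspelled option fails to compile.
const options: KatexOptions = {
	throwOnError: false,
	// Already the default; stated explicitly so a later change cannot
	// silently enable \href, \includegraphics and the \html* commands
	// for user-supplied input.
	trust: false,
};

// KaTeX returns an HTML string. It is still bound with v-html below, so the
// safety of this component rests on KaTeX's own escaping and on keeping the
// library up to date, as discussed in the thread.
const rendered = computed(() => katex.renderToString(props.formula, options));
</script>

<template>
	<!-- The wrapper lives in the template; only KaTeX's output goes through v-html. -->
	<div v-if="block" class="formula-block" v-html="rendered"></div>
	<span v-else v-html="rendered"></span>
</template>

<style scoped>
/* Replaces the inline style="text-align:center" from the diff. The class is
   on the wrapper element itself, so scoped styling applies even though the
   v-html content is outside the scope. */
.formula-block {
	text-align: center;
}
</style>
```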
katex support, for math typesetting
What
add katex support to allow for proper displaying of math expressions
Why
so that math expressions can be properly shown (feature parity with firefish)
Additional info (optional)
example:
before change
after change