Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add KaTeX support for block and inline math rendering in Markdown #1643

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: add KaTeX support for block and inline math rendering in Markdown #1643

wants to merge 4 commits into from
+135 −53

Conversation

calycekr
Copy link

@calycekr calycekr commented Jan 12, 2025
edited
Loading

Add KaTeX Support for Block and Inline Math Rendering in Markdown

This update introduces KaTeX support for rendering block and inline math expressions within Markdown content. The changes include new tokenizer and renderer extensions for handling KaTeX syntax.

This update will fix #1599 and any other issues related to LaTeX or Markdown parsing.

Changes

  • Added katexBlockExtension and katexInlineExtension for KaTeX block and inline math rendering.
  • Removed the escapeHTML and processLatex functions.
  • Updated the marked configuration to include the new KaTeX extensions.
  • Modified MarkdownRenderer.svelte to import and use the new extensions.

@calycekr
Copy link
Author

With this commit, LaTeX rendering is fully functional. For rendering chemical formulas, the mhchem extension needs to be added, which I plan to include in a future PR. Additionally, adding the copy-tex extension could be useful for easier copying.

https://github.com/KaTeX/KaTeX/tree/main/contrib/mhchem
https://github.com/KaTeX/KaTeX/tree/main/contrib/copy-tex

nsarrazin
nsarrazin reviewed Jan 13, 2025
View reviewed changes
Copy link
Collaborator

@nsarrazin nsarrazin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, thanks for the contrib! This looks good and will probably be more maintainable! Tried testing it locally seems to work pretty well.

My only concern is the removed escapeHtml method, could you tell me why it was removed? It was used to prevent things like this:
image

@calycekr
Copy link
Author

calycekr commented Jan 13, 2025
edited
Loading

@calycekr My mistake. I added escapeHTML in the Marked renderer to prevent any user-supplied HTML from being injected directly into the DOM. This ensures that KaTeX rendering still works as intended, while any raw HTML code is safely escaped, preventing potential security issues.

	const marked = new Marked({
		hooks: {
			preprocess: (md) => addInlineCitations(md, sources),
			postprocess: (html) => DOMPurify.sanitize(html),
		},
		extensions: [katexBlockExtension, katexInlineExtension],
		renderer: {
			html: (html) => escapeHTML(html),
			link: (href, title, text) =>
				`<a href="${href?.replace(/>$/, "")}" target="_blank" rel="noreferrer">${text}</a>`,
		},
		gfm: true,
	});

@calycekr
fix: Reintroduce escapeHTML to prevent raw HTML injection
6a22478 
- Properly escape user-generated HTML to avoid DOM injection vulnerabilities.
- Ensures KaTeX rendering remains unaffected while blocking malicious content.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nsarrazin nsarrazin nsarrazin left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

LaTeX is wrongly inserted inside inline code blocks
2 participants
@calycekr @nsarrazin