enhancement request - sanitize <script> tags in MathJax #128
Comments
Thanks for reporting this bug! This will be fixed in the next release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sorry if I'm missing the obvious way to do this:
I'd like to sanitize input between the MathJax markers such that
script
tags are not allowed. This seems relatively straightforward elsewhere in user-submitted kramdown content, but the MathJax tags appear to allow injection.For instance:
is rendered as:
Which causes the second alert
b
to appear.The text was updated successfully, but these errors were encountered: