Add docs on how to use w/ rehype-sanitize

Reviewed-by: Christian Murphy <christian.murphy.42@gmail.com> Reviewed-by: Titus Wormer <tituswormer@gmail.com> Closes GH-67. Closes GH-68.
remarkjs · Oct 9, 2021 · d2f2dc7 · d2f2dc7
1 parent a54c27b
commit d2f2dc7
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/readme.md b/readme.md
@@ -99,6 +99,39 @@ so any vulnerability in KaTeX can open you to a
 
 Always be wary of user input and use [`rehype-sanitize`][rehype-sanitize].
 
+If you are using [`rehype-sanitize`][rehype-sanitize] and trust [KaTeX][], you
+can allow the classes added by `remark-math` by extending the default schema
+like so:
+
+```js
+const mathSanitizeSchema = {
+  ...defaultSchema,
+  attributes: {
+    ...defaultSchema.attributes,
+    div: [
+      ...defaultSchema.attributes.div,
+      ['className', 'math', 'math-display']
+    ],
+    span: [
+      ['className', 'math', 'math-inline']
+    ]
+  }
+}
+```
+
+And applying the `rehype-katex` plugin *after* the
+[`rehype-sanitize`][rehype-sanitize] plugin like so:
+
+```js
+[
+  rehypeRaw,
+  // …
+  [rehypeSanitize, mathSanitizeSchema],
+  rehypeKatex
+  // …
+]
+```
+
 ## Related
 
 *   [`remark-breaks`](https://github.com/remarkjs/remark-breaks)