From 04027658e631774db50e5062be753477909a4b11 Mon Sep 17 00:00:00 2001 From: Paul Makles Date: Sat, 17 Jun 2023 16:11:22 +0100 Subject: [PATCH] feat: add more validation to KaTeX in markdown --- package.json | 2 +- src/components/markdown/RemarkRenderer.tsx | 5 +- yarn.lock | 129 +++++++++++++++------ 3 files changed, 98 insertions(+), 38 deletions(-) diff --git a/package.json b/package.json index 3c596e74..28148b54 100644 --- a/package.json +++ b/package.json @@ -44,6 +44,7 @@ } }, "dependencies": { + "@revoltchat/rehype-katex": "^6.0.3", "fs-extra": "^10.0.0", "klaw": "^3.0.0", "lottie-react": "^2.4.0", @@ -137,7 +138,6 @@ "react-router-dom": "^5.2.0", "react-scroll": "^1.8.2", "react-virtuoso": "^2.12.0", - "rehype-katex": "^6.0.2", "rehype-prism": "^2.1.3", "rehype-react": "^7.1.1", "remark-breaks": "^3.0.2", diff --git a/src/components/markdown/RemarkRenderer.tsx b/src/components/markdown/RemarkRenderer.tsx index 1ba49491..45a02dcd 100644 --- a/src/components/markdown/RemarkRenderer.tsx +++ b/src/components/markdown/RemarkRenderer.tsx @@ -1,5 +1,4 @@ import "katex/dist/katex.min.css"; -import rehypeKatex from "rehype-katex"; import rehypePrism from "rehype-prism"; import rehypeReact from "rehype-react"; import remarkBreaks from "remark-breaks"; @@ -14,6 +13,9 @@ import { createElement } from "preact"; import { memo } from "preact/compat"; import { useLayoutEffect, useMemo, useState } from "preact/hooks"; +// @ts-expect-error no typings +import rehypeKatex from "@revoltchat/rehype-katex"; + import { MarkdownProps } from "./Markdown"; import { handlers } from "./hast"; import { RenderCodeblock } from "./plugins/Codeblock"; @@ -146,6 +148,7 @@ const render = unified() .use(rehypeKatex, { maxSize: 10, maxExpand: 0, + maxLength: 128, trust: false, strict: false, output: "html", diff --git a/yarn.lock b/yarn.lock index 087055dc..996dcbc5 100644 --- a/yarn.lock +++ b/yarn.lock 
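Review bot: The `// @ts-expect-error no typings` above the new `@revoltchat/rehype-katex` import in RemarkRenderer.tsx leaves the plugin untyped, so the options object passed to `.use(rehypeKatex, { … })` in the next hunk is not checked by the compiler. A misspelled or unsupported key there, including the new `maxLength`, would be accepted silently and the limit would not apply. I would replace the suppression with a small ambient module declaration that types the plugin's options (the KaTeX options plus `maxLength?: number`), so the limits on user-supplied math are part of a checked contract.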
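Review bot: `maxLength: 128` is added to the `rehypeKatex` options without saying what it measures or which layer enforces it. As far as I know it is not an option KaTeX itself documents (unlike `maxSize`, `maxExpand`, `trust` and `strict` beside it), so it is presumably implemented by the fork, and switching back to upstream `rehype-katex` would drop the limit without any error. I would add a comment on that line such as `// enforced by @revoltchat/rehype-katex, not KaTeX: caps the TeX source accepted per expression`, after confirming the unit against the fork. The hunk does not show what is rendered for an over-length expression, so a test with input just under and just over the limit would pin that behaviour. The `render` chain starts and ends outside this hunk.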
@@ -2299,6 +2299,20 @@ __metadata: languageName: node linkType: hard +"@revoltchat/rehype-katex@npm:^6.0.3": + version: 6.0.3 + resolution: "@revoltchat/rehype-katex@npm:6.0.3" + dependencies: + "@types/hast": ^2.0.0 + "@types/katex": ^0.14.0 + hast-util-from-html-isomorphic: ^1.0.0 + hast-util-to-text: ^3.1.0 + katex: ^0.16.0 + unist-util-visit: ^4.0.0 + checksum: b655a6f5ddaf107ef030aa0ba8bf5eef745e44316a5cb44aa137ea5e2e3f6c7b68470ff6645d224f5cd47982d729a6726e2a595201c51fdb44e2dbc9acd2b8e2 + languageName: node + linkType: hard + "@revoltchat/ui@portal:external/components::locator=client%40workspace%3A.": version: 0.0.0-use.local resolution: "@revoltchat/ui@portal:external/components::locator=client%40workspace%3A." @@ -2627,6 +2641,13 @@ __metadata: languageName: node linkType: hard +"@types/katex@npm:^0.14.0": + version: 0.14.0 + resolution: "@types/katex@npm:0.14.0" + checksum: 330e0d0337ba48c87f5b793965fbad673653789bf6e50dfe8d726a7b0cbefd37195055e31503aae629814aa79447e4f23a4b87ad1ac565c0d9a9d9978836f39b + languageName: node + linkType: hard + "@types/lodash.defaultsdeep@npm:^4.6.6": version: 4.6.6 resolution: "@types/lodash.defaultsdeep@npm:4.6.6" @@ -3688,6 +3709,7 @@ __metadata: "@hcaptcha/react-hcaptcha": ^1.4.4 "@insertish/vite-plugin-babel-macros": ^1.0.5 "@preact/preset-vite": ^2.0.0 + "@revoltchat/rehype-katex": ^6.0.3 "@revoltchat/ui": ^1.0.77 "@rollup/plugin-replace": ^2.4.2 "@styled-icons/boxicons-logos": ^10.38.0 @@ -3751,7 +3773,6 @@ __metadata: react-router-dom: ^5.2.0 react-scroll: ^1.8.2 react-virtuoso: ^2.12.0 - rehype-katex: ^6.0.2 rehype-prism: ^2.1.3 rehype-react: ^7.1.1 remark-breaks: ^3.0.2 @@ -3876,7 +3897,7 @@ __metadata: languageName: node linkType: hard -"commander@npm:^8.0.0": +"commander@npm:^8.0.0, commander@npm:^8.3.0": version: 8.3.0 resolution: "commander@npm:8.3.0" checksum: 0f82321821fc27b83bd409510bb9deeebcfa799ff0bf5d102128b500b7af22872c0c92cb6a0ebc5a4cf19c6b550fba9cedfa7329d18c6442a625f851377bacf0 
@@ -4233,6 +4254,13 @@ __metadata: languageName: node linkType: hard +"entities@npm:^4.4.0": + version: 4.5.0 + resolution: "entities@npm:4.5.0" + checksum: 853f8ebd5b425d350bffa97dd6958143179a5938352ccae092c62d1267c4e392a039be1bae7d51b6e4ffad25f51f9617531fedf5237f15df302ccfb452cbf2d7 + languageName: node + linkType: hard + "env-paths@npm:^2.2.0": version: 2.2.1 resolution: "env-paths@npm:2.2.1" @@ -5325,6 +5353,41 @@ __metadata: languageName: node linkType: hard +"hast-util-from-dom@npm:^4.0.0": + version: 4.2.0 + resolution: "hast-util-from-dom@npm:4.2.0" + dependencies: + hastscript: ^7.0.0 + web-namespaces: ^2.0.0 + checksum: 0eac72cfb2bad20cf70ad978332be8c746dba27576fea3c3b123d7d1a52a8e10a88a25622b60f45255994163845e3f784fcd7c013b1301f2df4b81e3d0b1b973 + languageName: node + linkType: hard + +"hast-util-from-html-isomorphic@npm:^1.0.0": + version: 1.0.0 + resolution: "hast-util-from-html-isomorphic@npm:1.0.0" + dependencies: + "@types/hast": ^2.0.0 + hast-util-from-dom: ^4.0.0 + hast-util-from-html: ^1.0.0 + unist-util-remove-position: ^4.0.0 + checksum: a72786d6757a1a38d76cf74ba86fecfaf0690d465dcae477bfa7199ec03d364ba964f658331406ee7e62e912186df6d4ff38fc3ad050e0e3d8bc33a653df060d + languageName: node + linkType: hard + +"hast-util-from-html@npm:^1.0.0": + version: 1.0.2 + resolution: "hast-util-from-html@npm:1.0.2" + dependencies: + "@types/hast": ^2.0.0 + hast-util-from-parse5: ^7.0.0 + parse5: ^7.0.0 + vfile: ^5.0.0 + vfile-message: ^3.0.0 + checksum: 81cbda7dfa4c02fcb4e4359a48e25ebee7bef133dc607c2c036c53df27efacdfa22313a86398391ef22b31decda98c7110f1b441c5a48f419514be6b5d4b5603 + languageName: node + linkType: hard + "hast-util-from-parse5@npm:^7.0.0": version: 7.1.0 resolution: "hast-util-from-parse5@npm:7.1.0" 
@@ -5342,12 +5405,12 @@ __metadata: linkType: hard "hast-util-is-element@npm:^2.0.0": - version: 2.1.2 - resolution: "hast-util-is-element@npm:2.1.2" + version: 2.1.3 + resolution: "hast-util-is-element@npm:2.1.3" dependencies: "@types/hast": ^2.0.0 "@types/unist": ^2.0.0 - checksum: c5fe9f7cde3775d4cbe19a9a55631a80b7a4ea0131fc2e3d097ebe228a35f09b9219f64b788b7a9cf819e6dcb6d1fc7830fd2f10ad536649e436e8c83da41e00 + checksum: 9d988f6839a50566a895a3dd19222e6ab1591243f6a3c36bba835b7e9339a2845f1ff1c583425afd602de1a57a76c5bae8a6dc0ab1d6e5d1e252b422cdeadbb7 languageName: node linkType: hard @@ -5361,13 +5424,14 @@ __metadata: linkType: hard "hast-util-to-text@npm:^3.1.0": - version: 3.1.1 - resolution: "hast-util-to-text@npm:3.1.1" + version: 3.1.2 + resolution: "hast-util-to-text@npm:3.1.2" dependencies: "@types/hast": ^2.0.0 + "@types/unist": ^2.0.0 hast-util-is-element: ^2.0.0 unist-util-find-after: ^4.0.0 - checksum: 2312a818c8ec7b02307b04175357e5a7a9918f48624d05366668ba60918734ca62b0ee21006a2a448e0e5a198654cd1fa4ba8c813702b465cb487e2320db523a + checksum: d17cf3344c1d584ddd811cbb78d25b6c9819e62c8edb9643b53be38083fd978a6fa9a5bf6e6cd7b5ea48d30d9edc2859acae40b8bb89e166bebcda6017d4703d languageName: node linkType: hard @@ -6005,14 +6069,14 @@ __metadata: languageName: node linkType: hard -"katex@npm:^0.15.0": - version: 0.15.6 - resolution: "katex@npm:0.15.6" +"katex@npm:^0.16.0": + version: 0.16.7 + resolution: "katex@npm:0.16.7" dependencies: - commander: ^8.0.0 + commander: ^8.3.0 bin: katex: cli.js - checksum: 2da808bbd1d3be27715006cd86767dd3fcce3e317fb3bbd64d407328d2d90de17b5d83062b2cfd0e0d0de32e340efbac214862bc96892a5d1492462e553728d4 + checksum: 6c3f61e28820ecba074a149d17be6d731d8a950cdd7826851e16f2b0f3627c4119acd8c6e4fb86950063c4e99a6e478720ea6cca3dc82e59bbca81001ee00b70 languageName: node linkType: hard 
@@ -7288,6 +7352,15 @@ __metadata: languageName: node linkType: hard +"parse5@npm:^7.0.0": + version: 7.1.2 + resolution: "parse5@npm:7.1.2" + dependencies: + entities: ^4.4.0 + checksum: 59465dd05eb4c5ec87b76173d1c596e152a10e290b7abcda1aecf0f33be49646ea74840c69af975d7887543ea45564801736356c568d6b5e71792fd0f4055713 + languageName: node + linkType: hard + "path-exists@npm:^4.0.0": version: 4.0.0 resolution: "path-exists@npm:4.0.0" @@ -7814,23 +7887,7 @@ __metadata: languageName: node linkType: hard -"rehype-katex@npm:^6.0.2": - version: 6.0.2 - resolution: "rehype-katex@npm:6.0.2" - dependencies: - "@types/hast": ^2.0.0 - "@types/katex": ^0.11.0 - hast-util-to-text: ^3.1.0 - katex: ^0.15.0 - rehype-parse: ^8.0.0 - unified: ^10.0.0 - unist-util-remove-position: ^4.0.0 - unist-util-visit: ^4.0.0 - checksum: ac8b3486441697b8e22cb7ebf6ec58e06d190240f45b128fe60422b9eb887599f38406581e6e3356af967eb1d45d631b0c09387f060190641f402f56c78fa771 - languageName: node - linkType: hard - -"rehype-parse@npm:^7 || ^ 8, rehype-parse@npm:^8.0.0": +"rehype-parse@npm:^7 || ^ 8": version: 8.0.4 resolution: "rehype-parse@npm:8.0.4" dependencies: @@ -9140,12 +9197,12 @@ __metadata: linkType: hard "unist-util-find-after@npm:^4.0.0": - version: 4.0.0 - resolution: "unist-util-find-after@npm:4.0.0" + version: 4.0.1 + resolution: "unist-util-find-after@npm:4.0.1" dependencies: "@types/unist": ^2.0.0 unist-util-is: ^5.0.0 - checksum: 8381ef0bad18a0b1fa1c7ee47f94a2578ab6bf572eb126a1f179526b9dca47584fc070976f2d83bbe381161fa33b9164a894d0279a30ec83e65433356d43df57 + checksum: bed7e7a1a87539bea0b33ddc9ce8e2f3fdd4a7c87e143a848ed5bbb4cf9c563ade7ecf80b3ee5a38f9ad9e6af29cdb8cdde9001eea92542cbb14784f5add7019 languageName: node linkType: hard 
@@ -9180,12 +9237,12 @@ __metadata: linkType: hard "unist-util-remove-position@npm:^4.0.0": - version: 4.0.1 - resolution: "unist-util-remove-position@npm:4.0.1" + version: 4.0.2 + resolution: "unist-util-remove-position@npm:4.0.2" dependencies: "@types/unist": ^2.0.0 unist-util-visit: ^4.0.0 - checksum: 7d2808662ac65f2b2f615822b78060419f738fb3b074b10cec77c596ea966b8f5c47553d2d322822a5975c49d2b21cdd64c198ae9fb02a9d54d1afa6342cdd6a + checksum: 989831da913d09a82a99ed9b47b78471b6409bde95942cde47e09da54b7736516f17e3c7e026af468684c1efcec5fb52df363381b2f9dc7fd96ce791c5a2fa4a languageName: node linkType: hard