GHSA-3WC5-FCW2-2329 KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols

Impact Code that uses KaTeX's trust option, specifically that provides a function to block-list certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate javascript: links in the...

PT-2024-22361

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.10 Description: KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option can be fooled by URLs in malicious inputs that use uppercase characters in the protocol, allowin...