Change markdown-it-katex plugin for something else, has xss

[km2442]

Hello, markdown-it-katex plugin has xss - https://www.npmjs.com/advisories/1466
As this plugin isn't maintained for a few years from now, could you please change it for another plugin? I doubt that the author will fix this high severity issue :(

[ravenq]

thanks for you issue! @km2442

I will try to find a new plugin to instead.

[jelmerveen]

There has been an update of Katex in September.

See: waylonflinn/markdown-it-katex#26
and: quasarframework/quasar-ui-qmarkdown#120

waylonflinn/markdown-it-katex#31

Might be worth using a fork of Katex?

[VincentPetitot]

Any news for this issue?
NPM reports this dependency as vulnerable:

Severity: high
Cross-Site Scripting - https://npmjs.com/advisories/1466
No fix available
node_modules/markdown-it-katex
  markdown-it-vue  *
  Depends on vulnerable versions of markdown-it-katex
  node_modules/markdown-it-vue

2 high severity vulnerabilities

[meatnordrink]

For anyone else hitting this issue, for whom the vulnerability is unacceptable -

On our project, we had to switch off this package for this reason, but just using markdown-it with v-html worked fine, i.e.,

import MarkdownIt from "markdown-it"
const md = new MarkdownIt({});
// in template -
<div v-html="md.render(myMarkdownContent)"></div>