Merge pull request #3879 from overleaf/jel-ja-wiki-mathjax

Fix learn wiki XSS GitOrigin-RevId: 3964b2eaf56ef57ec34e4cdd3e683dd36f9eae6e
2026-05-23 17:19:37 +02:00 · 2021-04-08 09:26:13 -05:00
parent 2cb709161e
commit 5220198991
1 changed files with 0 additions and 9 deletions
--- a/services/web/frontend/js/directives/mathjax.js
+++ b/services/web/frontend/js/directives/mathjax.js
@@ -8,15 +8,6 @@ export default App.directive('mathjax', function($compile, $parse) {
    link(scope, element, attrs) {
      if (!(MathJax && MathJax.Hub)) return

-      // Allowing HTML can be unsafe unless using something like
-      // `ng-bind-html` because of potential Angular XSS via {{/}}
-      if (!$parse(attrs.mathjaxAllowHtml)(scope)) {
-        const mathJaxContents = element.html()
-        const nonBindableEl = $compile('<span ng-non-bindable></span>')({})
-        element.html('').append(nonBindableEl)
-        nonBindableEl.html(mathJaxContents)
-      }
-
      if (attrs.delimiter !== 'no-single-dollar') {
        const inlineMathConfig =
          MathJax.Hub.config && MathJax.Hub.config.tex2jax.inlineMath