pkgs/development/python-modules/django-mdeditor/Bump-KaTeX-and-replace-bootcdn-with-jsdelivr.patch 0 → 100644 +63 −0 From c5af641cccf663dffb4a47d32e28404f609badce Mon Sep 17 00:00:00 2001 From: Tomo <tomodachi94@protonmail.com> Date: Sat, 12 Oct 2024 03:39:12 +0000 Subject: [PATCH 1/2] chore(KaTeX): bump to 0.7.1 Many bugfixes. This KaTeX is still quite old, but versions beyond this have backwards-incompatibilities (starting in 0.8). --- mdeditor/static/mdeditor/js/editormd.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mdeditor/static/mdeditor/js/editormd.js b/mdeditor/static/mdeditor/js/editormd.js index be0005d..8aacb56 100644 --- a/mdeditor/static/mdeditor/js/editormd.js +++ b/mdeditor/static/mdeditor/js/editormd.js @@ -4179,8 +4179,8 @@ // 使用国外的CDN,加载速度有时会很慢,或者自定义URL // You can custom KaTeX load url. editormd.katexURL = { - css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.3.0/katex.min", - js : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.3.0/katex.min" + css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min", + js : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min" }; editormd.kaTeXLoaded = false; -- 2.46.2 From 3d082a738262b057d33b9aa8c777d50113143952 Mon Sep 17 00:00:00 2001 From: Tomo <tomodachi94@protonmail.com> Date: Mon, 7 Oct 2024 17:44:39 -0700 Subject: [PATCH 2/2] fix(KaTeX): Use jsdelivr instead of bootcdn Bootcdn was compromised by a malicious actor: https://sansec.io/research/polyfill-supply-chain-attack KaTeX recommends using jsdelivr, so I used that: https://katex.org/docs/browser --- mdeditor/static/mdeditor/js/editormd.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mdeditor/static/mdeditor/js/editormd.js b/mdeditor/static/mdeditor/js/editormd.js index 8aacb56..a31e817 100644 --- a/mdeditor/static/mdeditor/js/editormd.js +++ b/mdeditor/static/mdeditor/js/editormd.js
@@ -4179,8 +4179,8 @@ // 使用国外的CDN,加载速度有时会很慢,或者自定义URL // You can custom KaTeX load url. editormd.katexURL = { - css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min", - js : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min" + css : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min.css", + js : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min.js" }; editormd.kaTeXLoaded = false; -- 2.46.2
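Review bot: The jsdelivr URLs added in PATCH 2/2 end in `.css` and `.js`, while every earlier value of `editormd.katexURL` on this page is extension-less (`.../katex.min` for both keys), which suggests the loader appends the extension itself. If it does, the browser would request `katex.min.css.css` and `katex.min.js.js` and KaTeX would fail to load without any build-time error. The loader code is outside this hunk, so confirm how `editormd.js` builds the final URL; if it appends the suffix, the values should be `css : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min",` and `js : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min"`. The URLs also remain protocol-relative, so a page served over plain HTTP fetches the script over HTTP; an explicit `https://` prefix would close that gap.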
pkgs/development/python-modules/django-mdeditor/default.nix +4 −0 @@ -18,6 +18,10 @@ buildPythonPackage { hash = "sha256-t57j1HhjNQtBwlbqe4mAHQ9WiNcIhMKYmrZkiqh+k5k="; }; patches = [ ./Bump-KaTeX-and-replace-bootcdn-with-jsdelivr.patch ]; propagatedBuildInputs = [ django ]; # no tests
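Review bot: The new `patches` entry has no comment saying why the patch is carried or whether it was submitted upstream, so a later maintainer cannot tell when it is safe to drop. A line such as `# Moves the KaTeX loader off the compromised bootcdn host; drop once merged upstream (<upstream PR or issue link>)` above the path would cover it. The patch also only moves the runtime fetch to a different third-party host, which the source `hash` in this derivation cannot pin, because the browser still pulls KaTeX from the network on every page load. If the package layout allows it, pointing `katexURL` at a KaTeX copy shipped with the package's static files would remove that dependency; since the "# no tests" comment indicates nothing is exercised at build time, the editor's KaTeX rendering is worth checking by hand after any such change.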