Commit ced695af authored by Tomo's avatar Tomo
Browse files

python3Packages.django-mdeditor: patch out polyfill.io usage, bump KaTeX 

Part of #323379
parent 516e8444

pkgs/development/python-modules/django-mdeditor/Bump-KaTeX-and-replace-bootcdn-with-jsdelivr.patch

0 → 100644
+63 −0
Original line number Diff line number Diff line 
From c5af641cccf663dffb4a47d32e28404f609badce Mon Sep 17 00:00:00 2001

From: Tomo <tomodachi94@protonmail.com>

Date: Sat, 12 Oct 2024 03:39:12 +0000

Subject: [PATCH 1/2] chore(KaTeX): bump to 0.7.1



Many bugfixes. This KaTeX is still quite old,

but versions beyond this have backwards-incompatibilities

(starting in 0.8).

---

 mdeditor/static/mdeditor/js/editormd.js | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)



diff --git a/mdeditor/static/mdeditor/js/editormd.js b/mdeditor/static/mdeditor/js/editormd.js

index be0005d..8aacb56 100644

--- a/mdeditor/static/mdeditor/js/editormd.js

+++ b/mdeditor/static/mdeditor/js/editormd.js

@@ -4179,8 +4179,8 @@

     // 使用国外的CDN,加载速度有时会很慢,或者自定义URL

     // You can custom KaTeX load url.

     editormd.katexURL  = {

-        css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.3.0/katex.min",

-        js  : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.3.0/katex.min"

+        css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min",

+        js  : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min"

     };

     

     editormd.kaTeXLoaded = false;

-- 

2.46.2





From 3d082a738262b057d33b9aa8c777d50113143952 Mon Sep 17 00:00:00 2001

From: Tomo <tomodachi94@protonmail.com>

Date: Mon, 7 Oct 2024 17:44:39 -0700

Subject: [PATCH 2/2] fix(KaTeX): Use jsdelivr instead of bootcdn



Bootcdn was compromised by a malicious actor:

https://sansec.io/research/polyfill-supply-chain-attack



KaTeX recommends using jsdelivr, so I used that:

https://katex.org/docs/browser

---

 mdeditor/static/mdeditor/js/editormd.js | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)



diff --git a/mdeditor/static/mdeditor/js/editormd.js b/mdeditor/static/mdeditor/js/editormd.js

index 8aacb56..a31e817 100644

--- a/mdeditor/static/mdeditor/js/editormd.js

+++ b/mdeditor/static/mdeditor/js/editormd.js

@@ -4179,8 +4179,8 @@

     // 使用国外的CDN,加载速度有时会很慢,或者自定义URL

     // You can custom KaTeX load url.

     editormd.katexURL  = {

-        css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min",

-        js  : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min"

+        css : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min.css",

+        js  : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min.js"

     };

     

     editormd.kaTeXLoaded = false;

-- 

2.46.2

pkgs/development/python-modules/django-mdeditor/default.nix

+4 −0
Original line number Diff line number Diff line
@@ -18,6 +18,10 @@ buildPythonPackage { 
    hash = "sha256-t57j1HhjNQtBwlbqe4mAHQ9WiNcIhMKYmrZkiqh+k5k=";

  };



  patches = [

    ./Bump-KaTeX-and-replace-bootcdn-with-jsdelivr.patch

  ];



  propagatedBuildInputs = [ django ];



  # no tests