python3Packages.django-mdeditor: patch out polyfill.io usage, bump KaTeX (#347565)

This commit is contained in:
Thomas Gerbet 2024-10-14 10:06:10 +02:00 committed by GitHub
commit 120baf417b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 67 additions and 0 deletions

View File

@ -0,0 +1,63 @@
From c5af641cccf663dffb4a47d32e28404f609badce Mon Sep 17 00:00:00 2001
From: Tomo <tomodachi94@protonmail.com>
Date: Sat, 12 Oct 2024 03:39:12 +0000
Subject: [PATCH 1/2] chore(KaTeX): bump to 0.7.1
Many bugfixes. This KaTeX is still quite old,
but versions beyond this have backwards-incompatibilities
(starting in 0.8).
---
mdeditor/static/mdeditor/js/editormd.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mdeditor/static/mdeditor/js/editormd.js b/mdeditor/static/mdeditor/js/editormd.js
index be0005d..8aacb56 100644
--- a/mdeditor/static/mdeditor/js/editormd.js
+++ b/mdeditor/static/mdeditor/js/editormd.js
@@ -4179,8 +4179,8 @@
// 使用国外的CDN加载速度有时会很慢或者自定义URL
// You can custom KaTeX load url.
editormd.katexURL = {
- css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.3.0/katex.min",
- js : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.3.0/katex.min"
+ css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min",
+ js : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min"
};
editormd.kaTeXLoaded = false;
--
2.46.2
From 3d082a738262b057d33b9aa8c777d50113143952 Mon Sep 17 00:00:00 2001
From: Tomo <tomodachi94@protonmail.com>
Date: Mon, 7 Oct 2024 17:44:39 -0700
Subject: [PATCH 2/2] fix(KaTeX): Use jsdelivr instead of bootcdn
Bootcdn was compromised by a malicious actor:
https://sansec.io/research/polyfill-supply-chain-attack
KaTeX recommends using jsdelivr, so I used that:
https://katex.org/docs/browser
---
mdeditor/static/mdeditor/js/editormd.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mdeditor/static/mdeditor/js/editormd.js b/mdeditor/static/mdeditor/js/editormd.js
index 8aacb56..a31e817 100644
--- a/mdeditor/static/mdeditor/js/editormd.js
+++ b/mdeditor/static/mdeditor/js/editormd.js
@@ -4179,8 +4179,8 @@
// 使用国外的CDN加载速度有时会很慢或者自定义URL
// You can custom KaTeX load url.
editormd.katexURL = {
- css : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min",
- js : "//cdn.bootcdn.net/ajax/libs/KaTeX/0.7.1/katex.min"
+ css : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min.css",
+ js : "//cdn.jsdelivr.net/npm/katex@0.7.1/dist/katex.min.js"
};
editormd.kaTeXLoaded = false;
--
2.46.2

View File

@ -18,6 +18,10 @@ buildPythonPackage {
hash = "sha256-t57j1HhjNQtBwlbqe4mAHQ9WiNcIhMKYmrZkiqh+k5k="; hash = "sha256-t57j1HhjNQtBwlbqe4mAHQ9WiNcIhMKYmrZkiqh+k5k=";
}; };
patches = [
./Bump-KaTeX-and-replace-bootcdn-with-jsdelivr.patch
];
propagatedBuildInputs = [ django ]; propagatedBuildInputs = [ django ];
# no tests # no tests