diff options
author | Thomas Gerbet <thomas@gerbet.me> | 2024-06-28 19:41:21 +0200 |
---|---|---|
committer | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-06-30 22:58:19 +0200 |
commit | 9d2357782b69013baabc5a4ce26617d25d9546cb (patch) | |
tree | 4800c888ace1b1eeae8a1a0ee481b8f5789f1bee /pkgs/os-specific/linux | |
parent | 3766b055dbf41983185adc97626a4eb186c234e2 (diff) |
pandoc: apply patch removing the usage of polyfill.io in the templates
If you output HTML with MathJax content Pandoc might uses a JS library provided by cdn.polyfill.io which is now considered to be a bad actor. https://sansec.io/research/polyfill-supply-chain-attack `haskellPackages.pandoc` is not impacted, the concerned domain is not used To reproduce the issue: 1. Create a file `math.tex` with the following content `$a^2 + b^2 = c^2$` 2. Call `pandoc` with `pandoc math.tex -s --mathjax -o ex.html` 3. Look at the injected scripts in `ex.html`
Diffstat (limited to 'pkgs/os-specific/linux')
0 files changed, 0 insertions, 0 deletions