@xihale xihale commented Jan 20, 2026

Close #87

@gemini-code-assist
Summary of Changes

Hello @xihale, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves an issue where inline LaTeX mathematical expressions were not being rendered as intended. By updating the KaTeX auto-render script's configuration to include specific delimiters for both inline and block-level math, the change ensures that all LaTeX syntax is correctly recognized and displayed, significantly improving the presentation of mathematical content.

Highlights

  • KaTeX Configuration Update: Explicitly configured the KaTeX auto-render script with a comprehensive set of delimiters to ensure proper rendering of both inline and display LaTeX mathematical expressions.
  • Inline LaTeX Support: Added support for inline LaTeX rendering using $ and \( delimiters, alongside existing support for display math using $$ and \[.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request fixes an issue with inline LaTeX rendering by configuring custom delimiters for KaTeX, correctly adding support for single-dollar-sign syntax. However, a high-severity DOM-based Cross-Site Scripting (XSS) vulnerability has been identified. This arises because the KaTeX renderer processes the entire document body, which contains unsanitized user-generated content, creating a risk of script execution if malicious content is submitted. Additionally, the current implementation embeds complex JavaScript logic within an onload attribute, which could be refactored for better readability and maintainability by extracting it into a separate deferred script block.

xihale commented Jan 20, 2026

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request fixes inline LaTeX rendering by correctly configuring KaTeX to use single dollar signs for inline math. The implementation uses a DOMContentLoaded event listener. My review suggests an alternative approach using the onload attribute on the script tag. This would make the implementation more robust against script loading failures and more consistent with how other scripts are loaded in the same file.

Comment on lines 11 to 23
<script defer src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/KaTeX/0.16.9/contrib/auto-render.min.js" integrity="sha512-iWiuBS5nt6r60fCz26Nd0Zqe0nbk1ZTIQbl3Kv7kYsX+yKMUFHzjaH2+AnM6vp2Xs+gNmaBAVWJjSmuPw76Efg==" crossorigin="anonymous"></script>
<script>
document.addEventListener("DOMContentLoaded", function() {
renderMathInElement(document.body, {
delimiters: [
{left: '$$', right: '$$', display: true},
{left: '$', right: '$', display: false},
{left: '\\(', right: '\\)', display: false},
{left: '\\[', right: '\\]', display: true}
]
});
});
</script>
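
Review bot: the `{left: '$', right: '$', display: false}` entry in the `delimiters` list makes any two dollar signs in the same text node an inline math span, so prose containing currency amounts such as "$5 to $10" will be typeset as a formula. Supplying a `delimiters` list also replaces auto-render's default list rather than extending it, so environment delimiters such as `\begin{equation}` that the defaults cover will no longer render. If posts may contain literal dollar signs or bare environments, note the convention in the contributor docs or adjust the list accordingly.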

medium

This approach using DOMContentLoaded works, but it can be made more robust and consistent with other scripts on the page. If the KaTeX script fails to load, this will cause a ReferenceError in the console.

A more robust pattern, which is also consistent with how mermaid.js is loaded in this file, is to use the onload attribute. This ensures the rendering function is only called after the script has successfully loaded, avoiding console errors on script load failure.

I suggest defining a function for rendering and calling it from the onload attribute. This also keeps the configuration nicely separated from the script tag.

    <script>
      function renderKaTeX() {
        renderMathInElement(document.body, {
          delimiters: [
            {left: '$$', right: '$$', display: true},
            {left: '$', right: '$', display: false},
            {left: '\\(', right: '\\)', display: false},
            {left: '\\[', right: '\\]', display: true}
          ]
        });
      }
    </script>
    <script defer src="https://mirrors.sustech.edu.cn/cdnjs/ajax/libs/KaTeX/0.16.9/contrib/auto-render.min.js" integrity="sha512-iWiuBS5nt6r60fCz26Nd0Zqe0nbk1ZTIQbl3Kv7kYsX+yKMUFHzjaH2+AnM6vp2Xs+gNmaBAVWJjSmuPw76Efg==" crossorigin="anonymous" onload="renderKaTeX()"></script>

xihale commented Jan 20, 2026

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request aims to fix inline LaTeX rendering by explicitly configuring KaTeX delimiters, including support for single-dollar signs ($...$). However, it introduces a potential DOM-based Cross-Site Scripting (XSS) vulnerability due to processing user-controlled content with the renderMathInElement function without proper sanitization, which could allow arbitrary script execution. Additionally, it's recommended to refactor the script loading and execution to use DOMContentLoaded for better maintainability and to avoid global namespace pollution.
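
The two concerns raised in the reviews above (rendering over the whole document body, and a ReferenceError when the auto-render script fails to load) can be addressed together. The following is an added example, not code from this pull request or the site; `ARTICLE_SELECTOR` and the `user-content` class are hypothetical names for the site's own markup.

```javascript
// Added example. ARTICLE_SELECTOR and "user-content" are assumed names;
// replace them with the selectors the site's templates actually use.
const ARTICLE_SELECTOR = "article .content";

const KATEX_OPTIONS = {
  delimiters: [
    { left: "$$", right: "$$", display: true },
    { left: "$", right: "$", display: false },
    { left: "\\(", right: "\\)", display: false },
    { left: "\\[", right: "\\]", display: true },
  ],
  trust: false,        // KaTeX default: \href, \includegraphics, \html* stay disabled
  throwOnError: false, // invalid TeX is shown as error text instead of throwing
  maxExpand: 1000,     // bound macro expansion on hostile input
  ignoredClasses: ["user-content"], // auto-render skips elements with these classes
};

// Render math only inside article containers instead of document.body.
// `doc` and `render` are passed in so the function can run without a browser.
// Returns the number of containers handed to the renderer.
function renderArticleMath(doc, render) {
  // The renderer is missing if the script was blocked or failed its SRI check.
  if (typeof render !== "function") return 0;
  let rendered = 0;
  for (const root of doc.querySelectorAll(ARTICLE_SELECTOR)) {
    render(root, KATEX_OPTIONS);
    rendered += 1;
  }
  return rendered;
}

// Browser wiring: deferred scripts have executed by DOMContentLoaded,
// so renderMathInElement is defined here if it loaded at all.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => {
    renderArticleMath(document, globalThis.renderMathInElement);
  });
}
```
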

@xihale xihale merged commit 5ea8a24 into main Jan 20, 2026
3 checks passed
@xihale xihale deleted the fix-katex branch January 20, 2026 03:04
xihale added a commit to xihale/zigcc.github.io that referenced this pull request Jan 22, 2026
* fix: inline latex rendering

* refactor(katex): extract config to separate script

Successfully merging this pull request may close these issues.

Inline formulas not rendered
