Typora 1.9 Fixes XSS Vulnerabilities in Mermaid and Math Blocks

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. Code Block Math: - Typora now supports GitLab/GitHub-style math blocks, which can be inserted using the following syntax: math x = {-b \pm \sqrt{b^2-4ac} \over 2a} - Typora also supports inline math formulas such as and math block formulas. 2. EPub Export Improvements: - EPub export now includes an option called "Chapter Level in Outline," allowing users to specify the number of heading levels to include in the outline. - The default value is 3, meaning headings at levels 1, 2, and 3 will be listed in the outline. 3. Block Diagram: - The Mermaid library has been upgraded to version 10.9, introducing new block diagram features. 4. Other Improvements: - New files no longer require confirmation of the filename in the file tree. - Structured text code syntax highlighting has been added. - Whitespace characters within code blocks are now processed according to CommonMark rules. - Recent file path lengths on Windows/Linux have been shortened. - Custom alert text CSS styles are no longer preserved after exporting to PDF/HTML. - On macOS, the "Debug Mode" has been removed; users can now debug Typora elements via Safari’s "Develop" menu. - Typora languages have been updated for Polish, Traditional Chinese, Slovenian, Czech, and Norwegian. 5. Fixes: - Fixed an XSS vulnerability in Mermaid and math blocks. - Fixed an issue where videos would not go fullscreen when the fullscreen button was clicked. - Fixed a bug where triple-clicking a link inside a math block would close the window. - Fixed parsing issues with inline code containing whitespace characters. - Fixed an issue where images hosted on Cloudflare could not be loaded in Typora. - Fixed a problem where bookmarks in exported PDFs were not displayed in Adobe Reader. - Fixed an issue where certain remote images failed to load on macOS. - Fixed an issue where the “&” character in file paths was not displayed in the “Recent Files” menu on Windows/Linux. - Fixed an issue where using “$” in code language names caused incorrect string handling. - Other bug fixes. These details indicate that Typora version 1.9 includes multiple functional improvements and bug fixes, particularly in math blocks, EPub export, block diagrams, and language support.

Goal Reached Thanks to every supporter — we hit 100%!

Typora 1.9 Fixes XSS Vulnerabilities in Mermaid and Math Blocks