From 49cf2a8dee64d98d52d5820d06703685d028a0fd Mon Sep 17 00:00:00 2001
From: Jessica Lawshe <jessica.lawshe@overleaf.com>
Date: Wed, 27 Jun 2018 17:57:07 -0500
Subject: [PATCH] Use the MathJax `Safe.js` extension to prevent XSS

---
 services/web/public/coffee/directives/mathjax.coffee | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/web/public/coffee/directives/mathjax.coffee b/services/web/public/coffee/directives/mathjax.coffee
index 2fa449f55f..6d37353c07 100644
--- a/services/web/public/coffee/directives/mathjax.coffee
+++ b/services/web/public/coffee/directives/mathjax.coffee
@@ -2,6 +2,7 @@ define [
 	"base"
 ], (App) ->
 	mathjaxConfig =
+		extensions: ["Safe.js"]
 		messageStyle: "none"
 		imageFont:null
 		"HTML-CSS": { availableFonts: ["TeX"] },