Any HTML generated by KaTeX should be safe from <script> or other code
Of course, it is always a good idea to sanitize the HTML, though you will need a rather generous whitelist (including some of SVG and MathML) to support all of KaTeX.
maxSize option for preventing large width/height visual affronts, maxExpand for preventing infinite macro loop attacks, and allowedProtocols for preventing certain protocols in
Refer to Options for more details.
The error message thrown by KaTeX may contain unescaped LaTeX source code. See Handling Errors for more details.
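One way to apply the options and the error-message caveat above when rendering untrusted input, as an added example that is not code from the KaTeX project. The `renderUntrusted` and `escapeHtml` helpers, the `math-error` class, the numeric limits and the stub renderer are assumptions; in an application the real `katex` module is passed in place of the stub.

```javascript
// Limits for untrusted input. The numeric values are assumptions to tune per application.
const UNTRUSTED_OPTIONS = Object.freeze({
  throwOnError: true,          // surface errors so this wrapper decides how they are shown
  maxSize: 10,                 // cap user-specified sizes (in ems)
  maxExpand: 100,              // cap macro expansions so looping macros terminate
  allowedProtocols: ['https'], // honoured only by KaTeX versions whose Options page lists it
});

// Escape text for insertion into HTML element content or quoted attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render untrusted TeX. Returns { ok, html }; error text is always escaped,
// because the thrown message may contain the unescaped LaTeX source.
function renderUntrusted(katex, tex) {
  try {
    // Pass a copy so the renderer cannot alter the frozen defaults.
    const html = katex.renderToString(String(tex), { ...UNTRUSTED_OPTIONS });
    return { ok: true, html };
  } catch (err) {
    const message = err instanceof Error ? err.message : String(err);
    return { ok: false, html: `<span class="math-error">${escapeHtml(message)}</span>` };
  }
}

// Constructed stand-in for the katex module so the wrapper runs without the library.
// It echoes the source into its error message, as the page says KaTeX errors may.
const stubKatex = {
  lastOptions: null,
  renderToString(tex, options) {
    this.lastOptions = options;
    if (tex.includes('\\undefined')) {
      throw new Error(`KaTeX parse error: Undefined control sequence at position 1: ${tex}`);
    }
    return '<span class="katex">rendered</span>';
  },
};

// Constructed sample input: an invalid expression carrying markup.
const bad = renderUntrusted(stubKatex, '\\undefined<script>x</script>');
console.log(bad.html);
```
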
If you discovered a security issue, please let us know via https://hackerone.com/khanacademy