Fix reagent unsafe html rendering (#760)

borkdude · web-flow · commit c78131500072 · 2025-07-23T11:46:16.000+02:00
Fixes #759.
diff --git a/src/nextjournal/clerk/render.cljs b/src/nextjournal/clerk/render.cljs
@@ -922,7 +922,7 @@
 
 (defn render-html [markup]
   (r/as-element (if (string? markup)
-                  [:span {:dangerouslySetInnerHTML {:__html markup}}]
+                  [:span {:dangerouslySetInnerHTML (r/unsafe-html markup)}]
                   markup)))
 
 (defn render-promise [p opts]
@@ -981,9 +981,10 @@
         default-loading-view))))
 
 (defn render-katex [tex-string {:keys [inline?]}]
+  (prn :text-string tex-string :inline inline?)
   (let [katex (hooks/use-d3-require "katex@0.16.4")]
     (if katex
-      [:span {:dangerouslySetInnerHTML {:__html (.renderToString katex tex-string (j/obj :displayMode (not inline?) :throwOnError false))}}]
+      [:span {:dangerouslySetInnerHTML (r/unsafe-html (.renderToString katex tex-string (j/obj :displayMode (not inline?) :throwOnError false)))}]
       default-loading-view)))
 
 (defn render-mathjax [value]
diff --git a/src/nextjournal/clerk/sci_env.cljs b/src/nextjournal/clerk/sci_env.cljs
@@ -35,11 +35,12 @@
             [nextjournal.clojure-mode.keymap]
             [nextjournal.markdown]
             [nextjournal.markdown.transform]
+            [reagent.core :as r]
             [reagent.dom.server :as dom-server]
             [reagent.ratom :as ratom]
             [sci.configs.applied-science.js-interop :as sci.configs.js-interop]
-            [sci.configs.reagent.reagent :as sci.configs.reagent]
             [sci.configs.cljs.pprint :as sci.configs.pprint]
+            [sci.configs.reagent.reagent :as sci.configs.reagent]
             [sci.core :as sci]
             [sci.ctx-store]
             [sci.nrepl.server :as nrepl]
@@ -166,36 +167,37 @@
    :ns-aliases '{clojure.math cljs.math
                  cljs.repl clojure.repl
                  clojure.pprint cljs.pprint}
-   :namespaces (merge {'nextjournal.clerk.viewer viewer-namespace
-                       'nextjournal.clerk viewer-namespace ;; TODO: expose cljs variant of `nextjournal.clerk` with docstrings
-                       'nextjournal.clerk.sci-env {'load-string+
+   :namespaces (-> (merge {'nextjournal.clerk.viewer viewer-namespace
+                           'nextjournal.clerk viewer-namespace ;; TODO: expose cljs variant of `nextjournal.clerk` with docstrings
+                           'nextjournal.clerk.sci-env {'load-string+
 
-                                                   load-string+}
-                       'clojure.core {'read-string read-string
-                                      'implements? (sci/copy-var implements?* core-ns)
-                                      'time (sci/copy-var time core-ns)
-                                      'system-time (sci/copy-var system-time core-ns)}
-                       'clojure.repl {'pst pst-stub}}
-                      (sci-copy-nss
-                       'cljs.math
-                       'cljs.repl
-                       'nextjournal.clerk.parser
-                       'nextjournal.clerk.render
-                       'nextjournal.clerk.render.code
-                       'nextjournal.clerk.render.editor
-                       'nextjournal.clerk.render.hooks
-                       'nextjournal.clerk.render.navbar
-                       'nextjournal.clerk.render.table
-                       'nextjournal.clojure-mode
-                       'nextjournal.clojure-mode.keymap
-                       'nextjournal.clojure-mode.commands
-                       'nextjournal.clojure-mode.extensions.eval-region
-                       'nextjournal.markdown
-                       'nextjournal.markdown.transform)
+                                                       load-string+}
+                           'clojure.core {'read-string read-string
+                                          'implements? (sci/copy-var implements?* core-ns)
+                                          'time (sci/copy-var time core-ns)
+                                          'system-time (sci/copy-var system-time core-ns)}
+                           'clojure.repl {'pst pst-stub}}
+                          (sci-copy-nss
+                           'cljs.math
+                           'cljs.repl
+                           'nextjournal.clerk.parser
+                           'nextjournal.clerk.render
+                           'nextjournal.clerk.render.code
+                           'nextjournal.clerk.render.editor
+                           'nextjournal.clerk.render.hooks
+                           'nextjournal.clerk.render.navbar
+                           'nextjournal.clerk.render.table
+                           'nextjournal.clojure-mode
+                           'nextjournal.clojure-mode.keymap
+                           'nextjournal.clojure-mode.commands
+                           'nextjournal.clojure-mode.extensions.eval-region
+                           'nextjournal.markdown
+                           'nextjournal.markdown.transform)
 
-                      sci.configs.js-interop/namespaces
-                      sci.configs.reagent/namespaces
-                      sci.configs.pprint/namespaces)})
+                          sci.configs.js-interop/namespaces
+                          sci.configs.reagent/namespaces
+                          sci.configs.pprint/namespaces)
+                   (assoc-in ['reagent.core 'unsafe-html] r/unsafe-html))})
 
 (defn ^:export eval-form [f]
   (sci/binding [sci/ns @last-ns]
diff --git a/src/nextjournal/clerk/viewer.cljc b/src/nextjournal/clerk/viewer.cljc
@@ -819,7 +819,9 @@
    ;; formulas
    {:name :nextjournal.markdown/formula
     :transform-fn (comp :text ->value)
-    :render-fn '(fn [tex] (nextjournal.clerk.render/render-katex tex {:inline? true}))}
+    :render-fn '(fn [tex]
+                  (prn :tex tex)
+                  (nextjournal.clerk.render/render-katex tex {:inline? true}))}
    {:name :nextjournal.markdown/block-formula
     :transform-fn (comp :text ->value)
     :render-fn 'nextjournal.clerk.render/render-katex}
@@ -1031,7 +1033,7 @@
             :nextjournal/value
             (fn [hiccup]
               (if (string? hiccup)
-                [:div {:dangerouslySetInnerHTML {:__html hiccup}}]
+                hiccup
                 (w/postwalk (fn [x] (if (wrapped-value? x)
                                       [(inspect-fn)
                                        (present (inherit-opts wrapped-value x (swap! !path-idx inc)))]
