This project is archived. Its data is read-only.

[BUG] Injecting arbitrary code into webapp by exploiting KaTeX

Hi team, please quickly take a look at this: https://github.com/Khan/KaTeX/issues/1160 We managed to inject arbitrary code into each other's clients using KaTeX in Gitter. I love the fact that you allow math but sanitize the contents! It's easy to break out of it and then all hell breaks loose.

Edited Feb 16, 2018 by Eric Eastwood