Security Fixes
- Prevent XSS via flash message toast (f0f4da9 by @onovy).
- Replace raw URL in unconfirmed-email toast with template variables (e581cdb).
- Prevent ReDoS via user-supplied regex with timeout in search (0c84d58 by @onovy).
Bug Fixes
- Handle non-UTF-8 files gracefully instead of crashing (f81a173).
- Correct math block parsing in code spans, lists and inline contexts (0ef7138).
- Inline math blocks must be more than
$or$$(593aba4). - Fix multi-paragraph fancy blocks by replacing
$with\Zin scanner pattern (3a49e3c by @onovy). - Swap footnote ref id/href so multi-reference footnotes produce valid anchors (04feafa by @onovy).
- Correct
[A-z]regex typo to[A-Za-z]in embedding name pattern (2422d91 by @onovy). - Fix
_findTablefunction name (4ea9bff by @onovy). - Remove dead code in mermaid
block_codebranch (581310c by @onovy).