Any HTML generated by KaTeX should be safe from <script> or other code
maxSize below for preventing large width/height visual affronts,
maxExpand below for preventing infinite macro loop attacks, and
allowedProtocols below for preventing certain protocols in
Of course, it is always a good idea to sanitize the HTML, though you will need a rather generous whitelist (including some of SVG and MathML) to support all of KaTeX.
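An added example (not KaTeX project code) of rendering untrusted TeX with the three options named above pinned, and with an HTML-escaped fallback so that a failed render never echoes raw input into the page. Assumptions: the numeric limits, the length cap, and the helper names renderUntrusted and escapeHtml are illustrative; katex is the loaded KaTeX module, passed in by the caller.

```javascript
// Added example. Option names are the ones this page lists; the numeric
// limits and the length cap are assumed values, to be tuned per site.
const UNTRUSTED_OPTIONS = Object.freeze({
  throwOnError: true,   // raise on bad input so the fallback below is ours
  maxSize: 10,          // cap user-specified sizes, in ems
  maxExpand: 100,       // cap macro expansions (stops infinite macro loops)
  allowedProtocols: Object.freeze(['http', 'https']), // protocols accepted in links
});

const MAX_TEX_LENGTH = 2000; // assumed cap on input length, in characters

// Escape text for safe inclusion in HTML element content or attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render untrusted TeX. Returns { ok, html }; html is always safe to insert.
function renderUntrusted(katex, tex) {
  const source = String(tex);
  if (source.length > MAX_TEX_LENGTH) {
    // Oversized input is not parsed at all; show a truncated, escaped copy.
    const shown = escapeHtml(source.slice(0, MAX_TEX_LENGTH));
    return { ok: false, html: `<code>${shown}</code>` };
  }
  try {
    // Pass a copy of the pinned options; user-supplied options are never merged in.
    const html = katex.renderToString(source, { ...UNTRUSTED_OPTIONS });
    return { ok: true, html };
  } catch (err) {
    // Parse errors and exceeded limits land here. Show the escaped source,
    // never the raw input and never the raw error message.
    return { ok: false, html: `<code>${escapeHtml(source)}</code>` };
  }
}
```

The returned html can still be passed through an HTML sanitizer before insertion, as the paragraph above recommends.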
If you discover a security issue, please let us know via https://hackerone.com/khanacademy