I am working on a system that generates latex and PDFs from data provided from the public.
I don't want to allow public to accidently or maliciously embed some code that breaks latex or breaks the system. Can anyone point me to some URLs or docs or provide examples of what could be dangerous? Does latex allow running commands? One problem I imagine is attempting to include some abritrary file. I will try to strip out possible tex commands from data but want to make sure I don't miss anything. Thanks!
