https://bugzilla.wikimedia.org/show_bug.cgi?id=36496

physikerwelt <phy...@ckurs.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |phy...@ckurs.de

--- Comment #6 from physikerwelt <phy...@ckurs.de> ---
I think it is really important to have a stable, secure, and long-term
supported way of math rendering.
As I'm working on integrating LaTeXML, a rendering engine that converts tex to
MathML, I was running into a couple of issues.
First, Wikipedia uses texvc and not tex, therefore I had to create a list of
special user-defined commands. MathJax has this list as well.
To my mind it's a suboptimal solution, especially with regard to long-term
support. I propose to come up with a grammar that can be used by a wide
audience (e.g. antlr) and convert that into native PHP code. This grammar
converts texvc to tex and eliminates all commands that are not allowed.
Second, there are some security aspects, i.e. that someone could put code that
is a potential security risk for the visitors. Texvc eliminates this security
risk by returning pictures only. On the other side, texvc is a
potential security risk for the server, since the rendering must take place on
the same machine as the core server works.
LaTeXML can use a separate server, but if there is an attack on the network the
traffic could be redirected to another server. Therefore the output of LaTeXML
must be checked again before returning it to the user's browser.
If the user's browser supports MathML, only bugs in the browser's MathML
implementation can be a security risk. If not, MathJax is needed to convert
MathML to whatever, which comes along with all the JavaScript issues.
As a result I think that it would be good to separate the tasks somehow.
The Wikimedia Math extension PHP code should convert texvc to tex and ensure
that only valid tex is passed to the rendering engine.
Then a standard rendering engine can be used and the final result can be
validated according to standard methods, e.g. validate MathML output against the
W3C MathML scheme.
In summer 2012 I proposed the LaTeXML renderer at CICM 2012; now it's available as
opt-in[1].

[1] http://arxiv.org/abs/1304.5475
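
Added example (not part of the comment above and not code from the Math extension): a minimal check of renderer output before it is returned to the browser, as the comment proposes. The function name check_mathml, the sample strings and the element/attribute allowlist are assumptions made for illustration; the allowlist is a small constructed subset standing in for validation against the W3C MathML schema.

```python
import xml.etree.ElementTree as ET

MATHML_NS = "http://www.w3.org/1998/Math/MathML"

# Constructed allowlist: a small subset of presentation MathML, not the W3C schema.
ALLOWED_ELEMENTS = {"math", "mrow", "mi", "mn", "mo", "msup", "msub", "mfrac",
                    "msqrt", "mtext", "mspace", "semantics", "annotation"}
ALLOWED_ATTRIBUTES = {"display", "mathvariant", "alttext", "encoding",
                      "width", "stretchy"}

# Constructed sample outputs: one clean, one altered on the way back.
GOOD = ('<math xmlns="http://www.w3.org/1998/Math/MathML" display="block">'
        '<msup><mi>x</mi><mn>2</mn></msup></math>')
TAMPERED = ('<math xmlns="http://www.w3.org/1998/Math/MathML">'
            '<mi onclick="x()">x</mi>'
            '<script xmlns="http://www.w3.org/1999/xhtml">x()</script></math>')


def check_mathml(markup):
    """Return a list of problems; an empty list means the markup passed."""
    # Renderer output needs no DTD, so refuse declarations before parsing.
    if "<!DOCTYPE" in markup or "<!ENTITY" in markup:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(markup)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems = []
    if root.tag != "{%s}math" % MATHML_NS:
        problems.append("root element is not MathML <math>")
    for el in root.iter():
        # ElementTree spells namespaced names as "{namespace}local".
        ns, _, local = el.tag.rpartition("}")
        if ns != "{" + MATHML_NS or local not in ALLOWED_ELEMENTS:
            problems.append("element not allowed: %s" % el.tag)
        for name in el.attrib:
            if name not in ALLOWED_ATTRIBUTES:
                problems.append("attribute not allowed: %s on %s" % (name, local))
    return problems


if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("tampered", TAMPERED)):
        print(label, check_mathml(sample) or "ok")
```

Anything the check reports is a reason to discard the response and fall back to another rendering mode rather than to try repairing the markup.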
