The user input specified in the math tag à la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.
Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depending on the rendering mode.
Therefore, the security checking and rewriting portion of texvc
has been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and is
now available as a separate executable (texvccheck).
This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.
Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
Make LaTeXML setting configurable with the new global
variable $wgDefaultLaTeXMLSetting.
PS: This variable can be specified as an array or a
string. If specified as an array, the
array('a'=>'b','c'=>array('e','f'))
would be transformed to the equivalent setting
a=b&c=e&c=f
, which is the input format for the LaTeXML daemon.
Change-Id: I2869df27cee83b426c6eb2312306fac9d6203ef2
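
The array-to-string transformation described in the message above, as an added example that is not the Math extension's own code. The function name `serializeLaTeXMLSettings` is hypothetical, and percent-encoding of keys and values is an assumption added so that a value containing `&` or `=` cannot introduce extra daemon parameters.

```php
<?php
// Hypothetical helper (not the extension's code): flatten a settings
// array into the repeated-key format a=b&c=e&c=f from the commit message.
function serializeLaTeXMLSettings( $settings ) {
	// A string setting is assumed to be in daemon format already.
	if ( is_string( $settings ) ) {
		return $settings;
	}
	$pairs = array();
	foreach ( $settings as $key => $value ) {
		// A scalar becomes a one-element list; a nested array repeats
		// its key once per element instead of using an indexed key.
		foreach ( (array)$value as $item ) {
			$pairs[] = rawurlencode( $key ) . '=' . rawurlencode( $item );
		}
	}
	return implode( '&', $pairs );
}

// Constructed sample: the array given in the commit message.
$settings = array( 'a' => 'b', 'c' => array( 'e', 'f' ) );
echo serializeLaTeXMLSettings( $settings ), "\n";

// For comparison, PHP's built-in http_build_query() writes nested values
// with indexed keys (c[0], c[1]) rather than repeating the key.
echo urldecode( http_build_query( $settings ) ), "\n";

// Constructed sample: a value carrying separator characters stays one value.
echo serializeLaTeXMLSettings( array( 'preload' => 'x.sty&debug=1' ) ), "\n";
```
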
* new test for XML type checking function
* check if StringUtils::isUtf8 exists in core (Thanks to Deyan Ginev for the hint.)
Bug: 50884
Change-Id: I86af95cbecc4b5c9c33fcd3a66a7fb2ccdde0194
The detailed information about the error message provided by the MW
HTTP libraries has not been passed to the end-user output.
Change-Id: I9cac67d8fc3a732a87c14e922670253e82f64bbb
* Remove parameters/append that are never outputted by texvc.ml
* Add missing math_output_error to i18n file
* Improve a few qqq descriptions
Change-Id: Iea5139682fbe8389e578549f5f62e5505f4c0b48
Adds a new method isChanged() for determining if a value was changed.
This is done in preparation for a more elaborate caching method that is
handled inside the abstract base class.
Change-Id: Ica15f77d96453d30edd3a117c7185c694ad3691e
SQLite has global indices, not per-table ones. When using the database
updater to create the `unitest_math` table, we would get an error
with a duplicate `math_inputhash` index which is created by the
database installer.
This patch skips the testBasicCreateTable() test on sqlite.
Change-Id: I6da56d67d7af45f86cf6163cf73f5464505b43f3
Adds two new phpUnitTests for the abstract MathRender class
and another one that tests the basic database access.
Therefore the read and write methods have been changed
from protected to public.
Change-Id: I77a8b0a4dfe7529b5521ead097ac7b518688ef70
Physikerwelt asked for some guidance on how to write good unit tests for
classes that depend on external resources. I wrote a few to serve as examples
for additional tests. Because they have an ulterior didactic purpose, the
comments are a bit more verbose than I would otherwise like, but despite that
the tests are good enough to merit being merged.
Change-Id: Ifa97eec1a68fb68b4744d1e5b192b410afe5ef68
This change adds test cases for the MathSource class and registers a
hook for loading these tests. Also adds documentation about how to run
these tests in README.
Change-Id: Ie58a273326e0353dfa4437b3de21a2393adb5a87