The output of texvccheck is not only "checked" but also
rewritten to another form.
(For example $\R$ is transformed to $\mathbb{R}$.)
But the output might not be a valid input for the thexvccheck
part of texvc, like it happened in for the example given in the bug
description.
See also I599c4390da9b8f36d800f379a33ad5ce90f5096c
Bug: 61012
Change-Id: Iae5e350cb78c0e637e574390c586fbdb8dc38496
* $wg(.*) variables from extension should start with the extension name
i.e. for extension Math $wgMath(.*)
* But keep $wgUseMathJax, because it has been used for 2 years now.
* Add release notes
Change-Id: Ib70a9f7767890cc4618bc10c2610784f5b17e670
Since math has been moved from core to an extension
it should take care of the caching by its own.
Therefore, a call to the parserOptions::getMath is removed
and own caching logic is introduced, once getMath is removed
from core.
Bug: 14202
Change-Id: Ifa847b61264f8d640c9886fd374eb3d6cf482c0c
$wgUseTeX is not needed in the extension. For backwards compatibility,
it's also set in /mediawiki/includes/DefaultSettings.php and used in
/mediawiki/includes/EditPage.php only.
Change-Id: Ie5bcabf9e2e7474a4d41d1efcc5072c144640388
The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.
Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.
Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).
This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.
Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
Many things in MediaWiki (and various on-wiki templates, at least on
enwiki) output error messages wrapped in <strong class="error">. MathJax
parsing all of these (added in I1199cb34) is completely broken.
What appears to have been intended is that MathJax would parse the
errors output by MathRenderer.php. So let's add a "texerror" class to
those and have MathJax look for that class instead.
Bug: 55675
Change-Id: Iaa6c3a892af463f38e6706f9407c6dcb948fe670
texvc had several tasks in the past:
1 checking the input
2 convert MediaWiki custom syntax to standard LaTeX
3 run LaTeX
4 convert dvi2png
This change provides a simplified version that performs
only steps 1+2. This is required to avoid security problems
with tools like MathJax, especially if these tools are
run at the server-side.
Bug: 54624
Change-Id: I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa
This patch adds wfDebugLog() calls for conditions related to texvc invocations.
The logs are grouped under a 'texvc' group, added for this purpose. The reason
for logging into a separate channel is that the Math channel is too verbose for
production use on the Wikimedia cluster.
Change-Id: I05a17a0230f49f5d698b91617d06b3e3f838b67d
