Add a sanity check to the math extension that skips shelling out to
texvc if the input is insanely large.
Bug: T129506
Change-Id: I2c7b6561464bddb4c3eab9230fa8168b24adaa37
* Use string constants instead of integers
* Derive new names from old via conversion of constant
naming convention to CamelCase.
* Replace old constant string e.g. 'MW_MATH_ABC_DEF'
with new string 'abcDef'
* Replace old constant value with new string.
* Tests to demonstrates what is actually done.
* Rename constants
Bug: T106630
Bug: T106631
Bug: T87941
Change-Id: I6d1094ece79e912d9ddbef6681a25196c7a6e801
- We don't localize errors and debug logs like this, it makes them
impossible to decipher
- Also remove some 1.21 and below back-compat while we're here
Change-Id: Idb23fe5b434fa9fa3518672d57ec6e5466d005ac
MathRenderer::getError() uses $this, so it should not be called statically.
MathInputCheckTexvc should instead call its convertTexvcError method, which
constructs a MathRenderer object so it can call its getError method.
This code is pretty awful. But this way it won't throw fatal errors all the time.
Change-Id: Ic438b307a3b464651363b4cc16698c7d4320b253
* Include generated tests for a better test coverage
of the Math extension.
* Compiles texvc in testsuite (if required)
* Test generator now included
* Replaces the old parser tests
* Fixes whitspace issues
Bug: 61090
Change-Id: Iff7eeb5ee72137492c3f6659e4d4d106e5715586
Introduce different error messages for missing texvccheck and
texvc and update the README file.
Bug: 61154
Change-Id: I52f796f181f6a3ab6d65a8e8d89f59d523d5b7b8
The user input specified in the math tag a. la
<math>E=m <script>alert('attacked')</script>^2 </math>
is verified in PNG rendering mode, but not in plaintext, MathJax
or LaTeXML rendering mode. This is a potential security issue.
Furthermore, the texvc specific commands such as $\reals$
that is expanded to $\mathbb{R}$ might be rendered differently
depended on the rendering mode.
Therefore, the security checking and rewriting portion of texvc
have been extracted from the texvc source
(see I1650e6ec2ccefff6335fbc36bbe8ca8f59db0faa) and are
now available as a separate executable (texvccheck).
This commit will now enable this enhancement in security and
provide even more compatibility among the different rendering
modes.
Bug: 49169
Change-Id: Ida24b6bf339508753bed40d2e218c4a5b7fe7d0c
Kunal Mehta
Darian Anthony Patrick
physikerwelt
paladox
Kunal Mehta
Bryan Davis
Chad Horohoe
Ori Livneh