W3C home > Mailing lists > Public > www-math@w3.org > February 2013

RE: Help get math turned back on in Chrome

From: Paul Topping <pault@dessci.com>
Date: Fri, 8 Feb 2013 17:37:24 +0000
To: Frederic Wang <fred.wang@free.fr>, "www-math@w3.org" <www-math@w3.org>
Message-ID: <B6C5B1ABA88AF446821B281774E6DB7107A968@FERMAT.corp.dessci>
It is also possible that they lacked the manpower to check the security of the MathML code,  simply failed to assign the task to anyone, or couldn't find anyone with the necessary skills. Pure speculation on my part but it would be consistent with the lack of attention given to MathML in general and would also explain the lack of detail in the message announcing that it was left out of the Chrome release.

Paul

> -----Original Message-----
> From: Frédéric WANG [mailto:fred.wang@free.fr]
> Sent: Friday, February 08, 2013 3:19 AM
> To: www-math@w3.org
> Subject: Re: Help get math turned back on in Chrome
> 
> The initial MathML implementation in Webkit had a lot of security bugs.
> So it's actually surprising that Apple enabled MathML in all their apps
> and I think Google was actually right not to do the same. However, Dave
> spent the last year to fix all these security issues and that's why the
> implementation passed Google's security tests and why they finally
> accepted to enable MathML in Chrome. It seems that they recently found
> another security issue that made them change their mind and turned
> MathML off again. I've followed the bug reports but it was not clear
> whether they really found a security fail or whether they just did a
> preventive measure for something in the MathML implementation that
> could
> potentially be dangerous. As Neil mentioned, an engineer did a fix to
> workaround that potential security issue, essentially limiting the
> stretchy operator support (which is not so good anyway). But then for
> some reason they preferred to entirely disabled MathML again rather
> than
> just having a regression with stretchy operators. That's what I
> understood, but they don't communicate the details and I did not have
> access to the private security bugs.
> 
> On 08/02/2013 11:49, Paul Libbrecht wrote:
> > Paul,
> >
> > I support your question. Especially in relation to Safari having
> embedded this implementation and deployed it in both mobiles and
> computers.
> >
> > Can anyone formulate a comparison as to why it's kept in Safari and
> not in Chrome?
> > Are there different evaluation stabs?
> >
> > paul
> >
> 
> --
> Frédéric Wang
> maths-informatique-jeux.com/blog/frederic
> 
Received on Friday, 8 February 2013 17:37:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 8 February 2013 17:37:52 GMT