- From: Daniel Cheng <dcheng@chromium.org>
- Date: Mon, 15 Apr 2013 16:23:04 -0700
- To: Paul Topping <pault@dessci.com>
- Cc: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>, "public-webapps@w3.org" <public-webapps@w3.org>
- Message-ID: <CAF3XrKog61mvyXMS-bm_pCmKdUp-LMrLfXXYjd3m9wUNU+PnnQ@mail.gmail.com>
I see. I wasn't aware of that reference since I didn't find it in my searching. In that case, I don't have any particular objection though I don't really know what would need to be sanitized.

Daniel

On Mon, Apr 15, 2013 at 4:12 PM, Paul Topping <pault@dessci.com> wrote:

> http://www.w3.org/TR/MathML3/appendixb.html mentions both Mac and Windows formats for MathML.
>
> *From:* dcheng@google.com [mailto:dcheng@google.com] *On Behalf Of* Daniel Cheng
> *Sent:* Monday, April 15, 2013 3:49 PM
> *To:* Paul Topping
> *Cc:* Hallvord Reiar Michaelsen Steen; public-webapps@w3.org
> *Subject:* Re: MathML and "Clipboard API and events"
>
> On Mon, Apr 15, 2013 at 3:07 PM, Paul Topping <pault@dessci.com> wrote:
>
> Why would the answer to this question be dictated by the need to convert the MathML format to some other “native” format? I just want my app (native or web) to be able to identify the clipboard data type so it can consume the data as it sees fit. Conversion to some other format is but one thing an app can do with data. If apps can’t identify MathML with confidence, they are stuck with ad hoc sniffing of any non-specific data types that might contain MathML. I might look at the plain text and XML data types to see if they contain “<math>”, for example.
>
> Because if there is no native format to convert it to, then every browser is likely to do it differently anyway... which means you're stuck with ad hoc detection of MathML anyway.
>
> Like I said, there's nothing that stops you from setting text/mathml on the HTML clipboard today. It just won't have the magic conversion to the native type.
>
> In some sense MathML does have a native format on Mac and Windows. Microsoft and Design Science (my company) got together years ago and defined one. There are some other companies that support it but it seems like it is hard to get the word out there with a “standard” offered by commercial app vendors.
>
> I can't find any information about this native format. And even if there is a native format, that is not the same as having a standard format in the native data transfer object (IDataObject on Windows, NSPasteboard on Mac).
>
> If browsers supported MathML rendering and a distinct MathML clipboard type and both were defined by the W3C, it would go a long way to establishing a standard that matters and it would get adopted widely.
>
> Paul
>
> *From:* dcheng@google.com [mailto:dcheng@google.com] *On Behalf Of* Daniel Cheng
> *Sent:* Monday, April 15, 2013 1:56 PM
> *To:* Paul Topping
> *Cc:* Hallvord Reiar Michaelsen Steen; public-webapps@w3.org
> *Subject:* Re: MathML and "Clipboard API and events"
>
> When I suggested formats that implementations ought to support, I specifically mentioned image/svg+xml because it was mostly convertible to native types (Windows metafile on Windows, PDF on Mac). I don't think anyone's implemented this conversion, but it's technically possible.
>
> On the other hand, MathML doesn't have a corresponding native equivalent on Windows or Mac. You could argue that this is a chicken and egg problem, but without any native format equivalents, there's no good way to map that data.
>
> You should still be able to set MathML in the clipboard if you want. It just won't be visible to native apps.
>
> Daniel
>
> On Mon, Apr 15, 2013 at 8:44 AM, Paul Topping <pault@dessci.com> wrote:
>
> Hi Hallvord,
>
> Yes, your rewording sounds like a good direction to me. I still worry that placing plain text on the clipboard along with MathML will result in a lot of apps failing to paste the MathML but doing so would probably be considered a bug in such an app.
>
> Thanks for filing the bugs. I suspect that the MathML community would be eager to help define what needs to get stripped out of MathML to maintain security. However, speaking for myself, I do not know what kinds of things are considered dangerous. For example, MathML has markup that lets a math expression act as a hyperlink. Do we need to strip that out completely or is that dependent on the url? If there are guidelines on what is considered dangerous, then we could figure out exactly which MathML constructs need to be pruned. Or is there some other procedure for getting this done?
>
> Paul
>
> > -----Original Message-----
> > From: Hallvord Reiar Michaelsen Steen [mailto:hallvord@opera.com]
> > Sent: Monday, April 15, 2013 1:50 AM
> > To: public-webapps@w3.org; Paul Topping
> > Subject: Re: MathML and "Clipboard API and events"
> >
> > Hi Paul, thanks for your comments.
> >
> > > Mathematical information
> > >
> > > This section says "MathML often needs to be transformed to be copied as plain text, for example to make sure "to the power of" is shown with the caret "^" sign in a formula plain-text input." Such a transformation should not be part of a normal copy operation since that would transfer MathML. My concern is that readers get the idea that x 2 should always or often be transformed to x^2.
> >
> > What about saying something like
> >
> > "Some applications may want to place plain text alternatives along with MathML formulas on the clipboard, for example to make sure .." ?
> >
> > > 10. Mandatory data types
> > >
> > > I am surprised not to see a MathML type in this list
> >
> > Well, since you mention it.. I've filed a bug ( https://www.w3.org/Bugs/Public/show_bug.cgi?id=21698 ) in response to your question. If you have comments or information please add (either by replying here or in the bug). Would be great if you could help me understand whether allowing an application to write MathML to the clipboard could expose an app to attacks if the MathML markup is pasted without further processing - see also https://www.w3.org/Bugs/Public/show_bug.cgi?id=21700
> >
> > --
> > Hallvord R. M. Steen
> > Core tester, Opera Software

Received on Monday, 15 April 2013 23:24:12 UTC