From: Physikerwelt <wiki@physikerwelt.de>

Date: Fri, 4 Dec 2015 19:04:57 +0100

Message-ID: <CA+fbXr3iz_5GKxtYgg5hFmkQ-2tW2m2hGQL3_gGhMJVNMiQT2Q@mail.gmail.com>

To: www-math@w3.org


Dear W3C Math WG,

I wonder if there is a resilient security assessment for MathML. It would be nice if there was at least a subset of MathML for which the security was proven according to the state of the art of science and technology. For example, I could imagine that only presentation MathML without a finite list of possibly dangerous elements such as maction or annotation could be the secure MathML subset.

The background of my question is that the Wikimedia Foundation considers opening the POST endpoint for converting several input formats (i.e. TeX, AsciiMathML, and MathML) to MathML + SVG (+ PNG) [1] for the public [2]. Currently this conversion endpoint is only accessible from within the Wikimedia Foundation cluster and only accepts texvc* input.

Best
Moritz Schubotz

[1] https://en.wikipedia.org/api/rest_v1/?doc#!/Math/post_media_math_check_type if you try this link you’ll get a “This client is not allowed to use the endpoint” exception rather than the security checked texvc output you receive in the unstable demo here http://math.beta.wmflabs.org:7231/math.beta.wmflabs.org/v1/?doc#!/Math/post_media_math_check_type

[2] https://phabricator.wikimedia.org/T116147

*) texvc is a well-defined subset of LaTeX with some custom macros.

Received on Friday, 4 December 2015 18:05:26 UTC
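The subset idea raised in the message above, sketched as an allowlist check that a conversion endpoint could run on MathML input before processing it. This is an added example, not part of the original message or of any Wikimedia code; the element and attribute lists, the size limit and the name `rejection_reason` are assumptions, and the allowlist is illustrative rather than a proven-secure subset.

```python
import xml.etree.ElementTree as ET

MATHML_NS = "http://www.w3.org/1998/Math/MathML"
# Assumed allowlist of presentation elements (illustrative, not a vetted subset).
ALLOWED_ELEMENTS = {
    "math", "mrow", "mi", "mn", "mo", "mtext", "mspace", "mfrac", "msqrt",
    "mroot", "msub", "msup", "msubsup", "munder", "mover", "munderover",
    "mtable", "mtr", "mtd",
}
# Assumed attribute allowlist; every other attribute is refused.
ALLOWED_ATTRIBUTES = {"display", "mathvariant", "stretchy", "columnalign"}


def rejection_reason(source, max_chars=65536):
    """Return None if source stays inside the allowlist, else the reason."""
    if len(source) > max_chars:
        return "input too large"
    # Refuse any DTD so that no entity definitions reach the parser.
    if "<!DOCTYPE" in source or "<!ENTITY" in source:
        return "DTD or entity declaration"
    try:
        root = ET.fromstring(source)
    except ET.ParseError as exc:
        return f"not well-formed XML: {exc}"
    if root.tag != f"{{{MATHML_NS}}}math":
        return "root element must be MathML <math>"
    for el in root.iter():
        # ElementTree spells namespaced tags as "{namespace}localname".
        ns, _, name = el.tag.lstrip("{").rpartition("}")
        if ns != MATHML_NS or name not in ALLOWED_ELEMENTS:
            return f"element not allowed: {name}"
        for attr in el.attrib:
            if attr not in ALLOWED_ATTRIBUTES:
                return f"attribute not allowed on {name}: {attr}"
    return None


# Constructed sample inputs, not taken from the mailing-list message.
HEAD = f'<math xmlns="{MATHML_NS}">'
SAMPLES = {
    "fraction": HEAD + "<mfrac><mi>a</mi><mn>2</mn></mfrac></math>",
    "maction": HEAD + "<maction actiontype='toggle'><mi>a</mi><mi>b</mi></maction></math>",
    "annotation": HEAD + "<mrow><mi>a</mi><annotation encoding='application/x-tex'>a</annotation></mrow></math>",
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(label, "->", rejection_reason(doc) or "accepted")
```

An allowlist rejects anything it does not name, so elements outside it fail closed without needing a complete list of dangerous ones.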

This archive was generated by hypermail 2.3.1: Friday, 4 December 2015 18:05:27 UTC