Re: Is MathML really Dangerous?

From: Deyan Ginev <d.ginev@jacobs-university.de>
Date: Fri, 4 Dec 2015 16:49:24 -0500
To: "Schubotz, Moritz" <schubotz@tu-berlin.de>, "www-math@w3.org" <www-math@w3.org>
Message-ID: <56620A64.1020406@jacobs-university.de>

Dear all,

It's great to hear that there is interest in security for MathML. I
would also be curious to hear if a "security audit" of any form has been
performed on the spec, maybe as part of the integration work with the
HTML5 working group.

Security audits are an inevitability when production-ready technologies
start being used in enterprise settings, and given the scale and
importance of the MediaWiki installations out there, it's reasonable
that they would at least ask the question. In this scope, this is a
question also suitable for the HTML5 community, and I see MathML is
already featured on html5sec:

https://html5sec.org/?mathml

Does the Math WG know of prior interest in this subject?

Greetings,
Deyan


On 12/04/2015 03:26 PM, Schubotz, Moritz wrote:
> Hi Bruce,
> 
> I have the feeling to give a reasonable answer to the question "is ASCII
> dangerous":
> https://xkcd.com/327
> At least in the context of SQL injections it has been well studied.
> If you expose MathML to browsers that might not even know what MathML is,
> they might freak out.
> 
> Moritz
> 
Received on Friday, 4 December 2015 21:49:54 UTC
