- From: Physikerwelt <wiki@physikerwelt.de>
- Date: Sat, 5 Dec 2015 04:56:22 +0100
- To: Paul Libbrecht <paul@hoplahup.net>
- Cc: www-math@w3.org
Hi Paul, thank you. That is a good starting point. On Fri, Dec 4, 2015 at 11:04 PM, Paul Libbrecht <paul@hoplahup.net> wrote: > Moritz, > > Can an answer be read from the Media-Type registration's "Security > Concerns": > http://www.w3.org/TR/MathML3/appendixb.html > > >From there, one can probably read what can be removed to make MathML safe: > - remove anything that includes external content (e.g. DTD things, styles, > images, annotations), > - do not compute with it (or remove MathML-Content), > - remove foreign content (anything outside the MathML namespace and probably > all annotations). > Is there someone, who actually implemented a filter for MathML? Maybe someone provides a CMS, where users can publish MathML code that is displayed after being filtered? While I understand that this would not be a formal specification or a gurantee that the filtered MathML is secure, but it would give some evidence that this subset is ok, with todays browsers. Best Moritz
Received on Saturday, 5 December 2015 03:56:51 UTC