
Re: Is MathML really Dangerous?

From: Physikerwelt <wiki@physikerwelt.de>
Date: Sat, 5 Dec 2015 04:56:22 +0100
Message-ID: <CA+fbXr1nrPrRMg-PdHsmmS3jmvpM2jp0=MsB0Dygh8J351D18g@mail.gmail.com>
To: Paul Libbrecht <paul@hoplahup.net>
Cc: www-math@w3.org

Hi Paul,

thank you. That is a good starting point.

On Fri, Dec 4, 2015 at 11:04 PM, Paul Libbrecht <paul@hoplahup.net> wrote:
> Moritz,
>
> Can an answer be read from the Media-Type registration's "Security
> Concerns":
>     http://www.w3.org/TR/MathML3/appendixb.html
>
> From there, one can probably read what can be removed to make MathML safe:
> - remove anything that includes external content (e.g. DTD things, styles,
> images, annotations),
> - do not compute with it (or remove MathML-Content),
> - remove foreign content (anything outside the MathML namespace and probably
> all annotations).
>

Is there someone who has actually implemented a filter for MathML?
Maybe someone provides a CMS where users can publish MathML code that
is displayed after being filtered?
I understand that this would not be a formal specification or a
guarantee that the filtered MathML is secure, but it would give some
evidence that this subset is OK with today's browsers.

Best
Moritz
Received on Saturday, 5 December 2015 03:56:51 UTC
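
A sketch of the kind of filter asked about above, following the three removal rules quoted from Paul's message. It is an added example, not code from this thread or from any MathML implementation. The function names, the element and attribute allowlists and the depth limit are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET
NS = "{http://www.w3.org/1998/Math/MathML}"
# Assumed allowlist: presentation elements only; no annotations or mglyph.
ALLOWED_ELEMENTS = frozenset(
    "math semantics mrow mi mn mo mtext mspace ms mfrac msqrt mroot msub msup "
    "msubsup munder mover munderover mtable mtr mtd mstyle mpadded".split())
# No href, src, altimg, style, class, id or event-handler attributes.
ALLOWED_ATTRIBUTES = frozenset(
    "display displaystyle mathvariant stretchy fence separator form "
    "lspace rspace columnalign rowalign linethickness".split())
MAX_DEPTH = 64  # assumed nesting limit

def _clean(src, depth=0):
    """Return a filtered copy of src, or None when the element is dropped."""
    if depth > MAX_DEPTH:
        raise ValueError("MathML nested too deeply")
    if not isinstance(src.tag, str) or not src.tag.startswith(NS):
        return None  # foreign namespace, comment or processing instruction
    if src.tag[len(NS):] not in ALLOWED_ELEMENTS:
        return None  # MathML element outside the allowlist
    dst = ET.Element(src.tag, {k: v for k, v in src.attrib.items()
                               if k in ALLOWED_ATTRIBUTES})
    dst.text = src.text
    for child in src:
        kept = _clean(child, depth + 1)
        if kept is not None:
            kept.tail = child.tail
            dst.append(kept)
    return dst

def sanitize_mathml(text):
    """Filter untrusted MathML given as str; raise ValueError if unusable."""
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD and entity declarations are rejected")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML") from exc
    cleaned = _clean(root)
    if cleaned is None or cleaned.tag != NS + "math":
        raise ValueError("root must be <math> in the MathML namespace")
    ET.register_namespace("", NS[1:-1])  # serialize without an ns0: prefix
    return ET.tostring(cleaned, encoding="unicode")

# Constructed sample: a link attribute and an annotation that get stripped.
SAMPLE = ('<math xmlns="http://www.w3.org/1998/Math/MathML"><mi href="u">x</mi>'
          '<annotation encoding="TeX">x</annotation></math>')
if __name__ == "__main__":
    print(sanitize_mathml(SAMPLE))
```

Because the DTD is rejected, named entities such as `&alpha;` fail to parse and must be sent as numeric character references.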
