[pmwiki-users] MimeTex

John Rankin john.rankin at affinity.co.nz
Wed Sep 6 18:23:56 CDT 2006


On Wednesday, 6 September 2006 6:16 PM, christian.ridderstrom at gmail.com wrote:
>On Wed, 6 Sep 2006, John Rankin wrote:
>
>> Now that MimeTeX is working, you probably don't need to know about 
>> latexrender, which does the same thing, but calls LaTeX to render the 
>> equations, then saves them as .gif files. For an example, see
>> 
>> http://www.wikipublisher.org/wiki/index.php?n=Wikipublisher.LatexEquations
>> 
>> I tested both and my experience was that:
>> 
>> - the latexrender equations looked better
>> 
>> - some equations which MimeTeX rendered wouldn't render in LaTeX
>
>Given the recent security concerns, maybe I should mention that MimeTeX 
>isn't exactly safe. I am *guessing* that latexrender is even less safe... 
>(If it isn't, I want to switch :-)
>
>/Christian
>
>PS. One reason these recipes are unsafe is that LaTeX can be used to 
>arbitrarily access files on your server, thus revealing sensitive 
>information.
>
LatexRender has a list of "unsafe" LaTeX commands that it disallows.
The relevant code is:

<quote>
    // this most certainly needs to be extended. in the long term it is planned to use
    // a positive list for more security. this is hopefully enough for now. i'd be glad
    // to receive more bad tags !
    var $_latex_tags_blacklist = array(
        "include","def","command","loop","repeat","open","toks","output","input",
        "catcode","name","^^",
        "\\every","\\errhelp","\\errorstopmode","\\scrollmode","\\nonstopmode","\\batchmode",
        "\\read","\\write","csname","\\newhelp","\\uppercase", "\\lowercase","\\relax","\\aftergroup",
        "\\afterassignment","\\expandafter","\\noexpand","\\special"
        );
</quote>

For information: Wikipublisher itself currently doesn't allow
any raw LaTeX commands, other than those used to write
equations for LatexRender. All the LaTeX commands are generated
from the wikibook xml via an xsl transformation. However,
someone has recently asked about using a wiki as a LaTeX editor,
enabling authors to collaborate via the Web to write and
publish LaTeX documents.
-- 
JR
--
John Rankin
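
The comment in the quoted code says a positive list is planned in place of the blacklist. The sketch below shows what such a check can look like; it is an added example, not LatexRender or Wikipublisher code, and the names `ALLOWED_COMMANDS`, `ALLOWED_SYMBOLS` and `check_formula` and the contents of both lists are assumptions chosen for illustration.

```php
<?php
// Added example (not LatexRender code): positive-list check for equation input.
// Both lists are illustrative assumptions; extend them to the commands you need.
const ALLOWED_COMMANDS = [
    'frac', 'sqrt', 'sum', 'int', 'prod', 'lim', 'infty', 'cdot', 'times', 'alpha',
    'beta', 'gamma', 'pi', 'theta', 'left', 'right', 'le', 'ge', 'mathrm', 'operatorname',
];
// One-character control symbols: spacing, escaped braces, and \\ (line break).
const ALLOWED_SYMBOLS = [',', ';', '!', ' ', '{', '}', '\\'];

// Returns the reasons a formula is rejected; an empty array means it is accepted.
function check_formula(string $formula): array
{
    $problems = [];
    // "^^" (on the blacklist above) is TeX's alternate notation for a character,
    // so a name written with it would not be seen by the scan below.
    if (strpos($formula, '^^') !== false) {
        $problems[] = 'uses ^^ notation';
    }
    // Refuse anything outside printable ASCII and newline.
    if (preg_match('/[^\x20-\x7E\n]/', $formula)) {
        $problems[] = 'non-printable or non-ASCII byte';
    }
    // Every control sequence: backslash + letters, backslash + one character,
    // or a dangling backslash at the end of the input (captured as an empty name).
    preg_match_all('/\\\\([A-Za-z]+|.?)/s', $formula, $m);
    foreach ($m[1] as $name) {
        if ($name === '') {
            $problems[] = 'dangling backslash';
        } elseif (ctype_alpha($name)) {
            if (!in_array($name, ALLOWED_COMMANDS, true)) {
                $problems[] = "command not on positive list: \\$name";
            }
        } elseif (!in_array($name, ALLOWED_SYMBOLS, true)) {
            $problems[] = "symbol not on positive list: \\$name";
        }
    }
    return array_values(array_unique($problems));
}

// Constructed sample inputs.
$samples = [
    '\frac{a}{b} + \sqrt{\alpha^2 + \beta^2}', // accepted
    '\operatorname{rank}(A) \le n',             // accepted; contains the string "name"
    '\input{somefile}',                         // rejected: \input is not listed
    'a^^41b',                                   // rejected: ^^ notation
];
foreach ($samples as $s) {
    echo $s, ' => ', implode('; ', check_formula($s)) ?: 'ok', "\n";
}
```

A check like this complements, and does not replace, running the LaTeX process itself with restricted file access.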






