On Monday 06 June 2005 01:11 pm, H. S. Teoh wrote:
> > Make a version which generates the image on the sending side?
>
> [...]
>
> That would be a *very* nice plugin. The bad thing about the current
> plugin isn't only the security concern: it requires that the recipient
> have the plugin installed. If the image is generated on the sending
> side, it solves the security problem, and also makes it possible to
> send (La)TeX fragments to arbitrary recipients with no additional
> hassle. I think this is worth considering.
But then you can only use the plugin if you can send images, which is almost
never the case for me (image-sending never seems to work even if I'm using
AIM, maybe because I'm behind a firewall).
One possible middle-ground (after all, parsing and generating nice-looking
forumale without TeX is annoying) would be to validate expressions before
handing them to LaTeX. Define a very strict grammar which excludes most
function calls and enforce it; poorly formed expressions would just be
displayed literally.
I'm thinking of something like
EXPR ::= EXPR EXPR | "{" EXPR "}" | "\frac{"EXPR"}{" EXPR "}"
| EXPR "_" EXPR | EXPR "^" EXPR | "+" | "-"
| <greek letter escapes> | \sum | \prod | ...
i.e., just allow the most common expression-forming stuff plus the various
mathematical symbols (which are all safe). Teach your favorite parser
generator about this, validate all incoming text, and you should be fairly
safe. It's not as complete as the unrestricted form, but IMO it covers most
of what you'd want to use in IMs.
Daniel
--
/------------------- Daniel Burrows <dburrows@debian.org> ------------------\
| It is hard to think of anything |
| less sentient than a pumpkin. |
| -- Terry Pratchett, _Witches Abroad_ |
\- Does your computer have Super Cow Powers? ------- http://www.debian.org -/
Attachment:
pgpv3DzZfBcKL.pgp
Description: PGP signature