On Monday 06 June 2005 01:11 pm, H. S. Teoh wrote:
> > Make a version which generates the image on the sending side?
>
> [...]
>
> That would be a *very* nice plugin. The bad thing about the current
> plugin isn't only the security concern: it requires that the recipient
> have the plugin installed. If the image is generated on the sending
> side, it solves the security problem, and also makes it possible to
> send (La)TeX fragments to arbitrary recipients with no additional
> hassle. I think this is worth considering.

  But then you can only use the plugin if you can send images, which is
almost never the case for me (image-sending never seems to work even if
I'm using AIM, maybe because I'm behind a firewall).

  One possible middle-ground (after all, parsing and generating
nice-looking formulae without TeX is annoying) would be to validate
expressions before handing them to LaTeX.  Define a very strict grammar
which excludes most function calls and enforce it; poorly formed
expressions would just be displayed literally.  I'm thinking of something
like

    EXPR ::= EXPR EXPR
           | "{" EXPR "}"
           | "\frac{" EXPR "}{" EXPR "}"
           | EXPR "_" EXPR
           | EXPR "^" EXPR
           | "+" | "-"
           | <greek letter escapes>
           | \sum | \prod | ...

  i.e., just allow the most common expression-forming stuff plus the
various mathematical symbols (which are all safe).  Teach your favorite
parser generator about this, validate all incoming text, and you should
be fairly safe.  It's not as complete as the unrestricted form, but IMO
it covers most of what you'd want to use in IMs.

  Daniel

-- 
/------------------- Daniel Burrows <dburrows@debian.org> ------------------\
|                      It is hard to think of anything                      |
|                       less sentient than a pumpkin.                       |
|                   -- Terry Pratchett, _Witches Abroad_                    |
\- Does your computer have Super Cow Powers? ------- http://www.debian.org -/
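
One way to enforce the grammar proposed in the message above, as an added example that is not part of the original post and not the plugin's code. A hand-written recursive-descent check stands in for the parser generator; the allowed characters, the list of Greek letters and the names `is_safe` and `render_or_literal` are assumptions of this example.

```python
import re
import string

# Assumed allowlist: the post names \frac, \sum, \prod and Greek letters only.
SAFE_COMMANDS = {"sum", "prod", "alpha", "beta", "gamma", "pi", "theta", "sigma"}
SAFE_CHARS = set(string.ascii_letters + string.digits + "+-=(),.")
TOKEN = re.compile(r"\\[A-Za-z]+| +|.", re.S)  # command, run of spaces, or one char

def parse_atom(toks, i):
    """Consume one EXPR at toks[i]; return the next index or raise ValueError."""
    tok = toks[i] if i < len(toks) else None
    if tok == "\\frac":  # "\frac{" EXPR "}{" EXPR "}"
        return parse_group(toks, parse_group(toks, i + 1))
    if tok == "{":
        return parse_group(toks, i)
    if tok is None:
        raise ValueError("expression ends early")
    # "_", "^" and "}" are not atoms, so a doubled "^^" is rejected here too.
    ok = tok[1:] in SAFE_COMMANDS if tok.startswith("\\") else tok in SAFE_CHARS
    if not ok:
        raise ValueError(f"{tok!r} is not on the allowlist")
    return i + 1

def parse_group(toks, i):  # "{" EXPR "}"
    if toks[i:i + 1] != ["{"]:
        raise ValueError("expected {")
    i = parse_sequence(toks, i + 1)
    if toks[i:i + 1] != ["}"]:
        raise ValueError("unclosed group")
    return i + 1

def parse_sequence(toks, i):  # EXPR EXPR ..., each with optional _EXPR / ^EXPR
    while i < len(toks) and toks[i] != "}":
        i = parse_atom(toks, i)
        while i < len(toks) and toks[i] in ("_", "^"):
            i = parse_atom(toks, i + 1)
    return i

def is_safe(text):
    # Drop runs of spaces; tabs, newlines and every other character stay as
    # tokens and are rejected by parse_atom unless allowlisted.
    toks = [t for t in TOKEN.findall(text) if t.strip(" ")]
    try:
        return bool(toks) and parse_sequence(toks, 0) == len(toks)
    except ValueError:
        return False

def render_or_literal(text):
    """Hand validated input to LaTeX; anything else is shown as plain text."""
    return ("latex" if is_safe(text) else "literal", text)
```

Because the check is an allowlist, any command or character it does not know is shown literally, so extending coverage means adding names to `SAFE_COMMANDS` rather than listing what to block.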