From 601bfd0a394c8824a3be039decd2bb87bff302c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Commaille?= Date: Tue, 14 May 2024 12:39:11 +0200 Subject: [PATCH] Improve warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kévin Commaille --- .../client-server-api/modules/instant_messaging.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/content/client-server-api/modules/instant_messaging.md b/content/client-server-api/modules/instant_messaging.md index d396d20e..c19ea917 100644 --- a/content/client-server-api/modules/instant_messaging.md +++ b/content/client-server-api/modules/instant_messaging.md @@ -430,12 +430,17 @@ basic LaTeX2e maths commands and the TeX maths commands, with the possible exception of commands that could be security risks. {{% boxes/warning %}} -Certain commands, such as [those that can create macros](https://katex.org/docs/supported#macros), +In general, LaTeX places a heavy burden on client authors to ensure that it is +processed safely. Certain commands, such as [those that can create macros](https://katex.org/docs/supported#macros), are potentially dangerous. Clients should either decline to process those commands, or should take care to ensure that they are handled in safe ways (such as by limiting recursion). In general, LaTeX commands should be filtered by -allowing known-good commands rather than forbidding known-bad commands. Some -LaTeX libraries may have options for doing this. +allowing known-good commands rather than forbidding known-bad commands. + +Therefore, clients should not render mathematics by calling a LaTeX compiler +without proper sandboxing, as those executables were not written to handle +untrusted input. Some LaTeX rendering libraries are better suited for that by +allowing only a subset of LaTeX and enforcing recursion limits. {{% /boxes/warning %}} #### Server behaviour
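Review bot: In the added second paragraph of the warning, "Therefore" does not follow from the sentence just before it (the allowlist advice). The conclusion about LaTeX compilers rests on the new opening sentence and on the clause "those executables were not written to handle untrusted input", so consider dropping "Therefore," or moving the compiler sentence directly after the opening sentence. Two wording points in the same paragraph: "proper sandboxing" gives a client author nothing to check against, so state what the sandbox must at least enforce or link to guidance; and in "better suited for that" the pronoun has no clear antecedent, so "better suited to handling untrusted input" would be more precise. The removed sentence "Some LaTeX libraries may have options for doing this" tied library options to allowlisting, while the new text only says libraries allow "a subset of LaTeX", so it is worth keeping an explicit link back to the known-good-commands recommendation.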