Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-23 11:34:09 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Improve warning

Browse source 
Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>
This commit is contained in:
Kévin Commaille 2024-05-14 12:39:11 +02:00
parent dfbd2e27d3
commit 601bfd0a39
No known key found for this signature in database
GPG key ID: 0C971D9DBC9D678D
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
content/client-server-api/modules/instant_messaging.md
View file

@ -430,12 +430,17 @@ basic LaTeX2e maths commands and the TeX maths commands, with the possible
exception of commands that could be security risks. exception of commands that could be security risks.
{{% boxes/warning %}} {{% boxes/warning %}}
Certain commands, such as [those that can create macros](https://katex.org/docs/supported#macros), In general, LaTeX places a heavy burden on client authors to ensure that it is
processed safely. Certain commands, such as [those that can create macros](https://katex.org/docs/supported#macros),
are potentially dangerous. Clients should either decline to process those are potentially dangerous. Clients should either decline to process those
commands, or should take care to ensure that they are handled in safe ways (such commands, or should take care to ensure that they are handled in safe ways (such
as by limiting recursion). In general, LaTeX commands should be filtered by as by limiting recursion). In general, LaTeX commands should be filtered by
allowing known-good commands rather than forbidding known-bad commands. Some allowing known-good commands rather than forbidding known-bad commands.
LaTeX libraries may have options for doing this.
Therefore, clients should not render mathematics by calling a LaTeX compiler
without proper sandboxing, as those executables were not written to handle
untrusted input. Some LaTeX rendering libraries are better suited for that by
allowing only a subset of LaTeX and enforcing recursion limits.
{{% /boxes/warning %}} {{% /boxes/warning %}}
#### Server behaviour #### Server behaviour