LaTex for EEVBlog

[Morgoroth]

why not translate to pesky English ?   

[calli]

Actually the second edition was translated to English and published by nonstarch press. And then they translated that into Italian and Indonesien. Quite strange languages 😁😁😈😈

Carsten

[Zbig]

Testing Tex export from Casio FX-991EX QR code function. The calculator generates a QR code you can scan with your smart device. From there, you can e-mail yourself a link to wes.casio.com service with your result. Tex format is available there, among others. Here it goes:

\$\frac{4\rm{\pi}{\left(6.37814\rm{k}\right)}^{3}}{3.2\rm{M}}\$

Oh, bummer. Does anyone have a clue what went wrong?

Ok, figured it out. Had to enclose the whole thing as is in the backslash-dollar tags.

In case anyone is interested, that's the link the calculator has generated as a QR code:
http://wes.casio.com/math/index.php?q=I-23B-+U-000000000000+M-C10000AD00+S-001410101000110E1010B0000542+R-0101892455638533010600000000000000000000+E-C81D1A342260362E3337383134E2D0C91A331B1B1A332E32E11B1E

Ok, I cheated I don't really have this calculator yet. Just scanned the sample code from CASIO's marketing material on the site (image of a calculator displaying the code, actually). But I'm sold now. Running out to grab one right away!

[Ian.M]

EEVblog's implementation of LaTex support using mathjax is currently unsafe and allows posters to inject arbitrary javascript.  See https://www.eevblog.com/forum/chat/so-now-we-can-get-mathy-in-here/msg868990/#msg868990

Can something be done about the security issue?

[Zbig]

EEVblog's implementation of LaTex support using mathjax is currently unsafe and allows posters to inject arbitrary javascript.  See https://www.eevblog.com/forum/chat/so-now-we-can-get-mathy-in-here/msg868990/#msg868990

Can something be done about the security issue?

Oh, that's unfortunate Have you tried PMing Dave about that one?

[EEVblog]

EEVblog's implementation of LaTex support using mathjax is currently unsafe and allows posters to inject arbitrary javascript.  See https://www.eevblog.com/forum/chat/so-now-we-can-get-mathy-in-here/msg868990/#msg868990
Can something be done about the security issue?

I can disable the feature entirely?

[Ian.M]

To enable safe mode, which prevents javascript in LaTex etc. you need to add ,Safe at the end of the full URL + parameters in the line in the header that invokes Mathjax.
See http://mathjax.readthedocs.org/en/latest/safe-mode.html

[EEVblog]

To enable safe mode, which prevents javascript in LaTex etc. you need to add ,Safe at the end of the full URL + parameters in the line in the header that invokes Mathjax.
See http://mathjax.readthedocs.org/en/latest/safe-mode.html

I don't know how to use that, I'm using a plugin.

[Ian.M]

If you are still using it the way you set up here: https://www.eevblog.com/forum/suggestions/latex-for-eevblog/msg866703/#msg866703, just edit the custom script to insert the ,Safe immediately before the "> on the line with the mathjax URL

Code: [Select]

<script type="text/javascript" async="async"
  src="https://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML,Safe">
</script>


[EEVblog]

If you are still using it the way you set up here: https://www.eevblog.com/forum/suggestions/latex-for-eevblog/msg866703/#msg866703, just edit the custom script to insert the ,Safe immediately before the "> on the line with the mathjax URL

Code: [Select]

<script type="text/javascript" async="async"
  src="https://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML,Safe">
</script>


Added, thanks.

[Ian.M]

I've just checked the test post in the other topic.  Clicking the = now does absolutely nothing so it looks like that vulnerability is now safely blocked.

[firewalker]

Is there a way to make \$\LaTeX\$ work for post Preview?

Alexander.