[Python-modules-team] Bug#677929: Bug#677929: python-docutils: remote copy of MathJax needed to render maths

Julian Taylor jtaylor.debian at googlemail.com
Wed Jul 4 17:42:35 UTC 2012


On 07/04/2012 01:56 PM, Guenter Milde wrote:
>> That is, if you open such a document in a modern browser, it will happily 
>> download some JavaScript code from a remote site. I feel this is a violation 
>> of our users' privacy (and a security concern).
> 
> This depends on the browser settings of the user. Users concerned for
> privacy and security will have safeguards in place, because browsing the
> internet without these safeguards almost inevitably means to download and
> execute JavaScript from remote sites. With JavaScript blocked, the user
> will see the latex source, instead of a rendering. 
> 
> I agree that a web page should not use javascript without need. However,
> the idea with mathjax as default math-output-format is to have something
> that works "out of the box" for most users - all alternatives are
> currently not up to the task but require additional configuration. I
> checked the mathjax site and it appeared to be a serious project by
> serious players (see http://www.mathjax.org/sponsors/). 
> 
> This is why I do not agree with labeling this as a "serious" bug.


It is a serious bug.
At the very least the URL must be changed to the https one:
https://c328740.ssl.cf1.rackcdn.com/mathjax/latest/MathJax.js

But as MathJax is served from some cloud service which has the same
certificate for all frontend users, you can't ensure that you really
get the MathJax file you wanted even when you use their https transport.
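
An added example, not part of the original message or of docutils: a small audit of generated HTML that lists every script source and separates plain-http loads, https loads whose content is still unverified (the case raised above), and local copies. The `integrity` attribute (Subresource Integrity) is a later browser feature not mentioned in the thread; the sample page, the `cdn.example.org` host and the local file path are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptAudit(HTMLParser):
    """Collect every <script src=...> together with its integrity attribute."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))


def classify(src, integrity):
    parts = urlsplit(src)
    if not parts.netloc:
        return "local"                      # relative path or file on disk
    if integrity:
        return "remote-pinned"              # browser verifies the content hash
    if parts.scheme == "https":
        return "remote-https-unpinned"      # transport protected, content not
    return "remote-insecure"                # http:// or scheme-relative //host


def audit(html):
    parser = ScriptAudit()
    parser.feed(html)
    return [(src, classify(src, integ)) for src, integ in parser.scripts]


# Constructed sample page; only the https URL is taken from the message above.
SAMPLE = """<html><head>
<script src="http://cdn.example.org/mathjax/MathJax.js"></script>
<script src="https://c328740.ssl.cf1.rackcdn.com/mathjax/latest/MathJax.js"></script>
<script src="//cdn.example.org/mathjax/MathJax.js"></script>
<script src="https://cdn.example.org/MathJax.js" integrity="sha384-PLACEHOLDER"></script>
<script src="file:///usr/share/javascript/mathjax/MathJax.js"></script>
<script src="MathJax/MathJax.js"></script>
</head><body><p>\\(a^2 + b^2 = c^2\\)</p></body></html>"""

if __name__ == "__main__":
    for src, verdict in audit(SAMPLE):
        print(f"{verdict:24} {src}")
```

Anything not reported as `local` or `remote-pinned` means the reader's browser will fetch and run code the package did not ship.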
