Avoid use of "@" in future versions of MathJax
5 views
Skip to first unread message
Murray
Dec 16, 2025, 11:57:44 PM (2 days ago) Dec 16
to MathJax Users
Being a "reserved" character, the "@" symbol as used for a version identifier/delimiter in MathJax CDN URLs causes havoc in various circumstances,
//cdn.jsdelivr.net/npm/mathjax@4
These email addresses may be viewable by everyone who visits this group or is subscribed to receive email notifications of posts in this group. Are you sure that you would like to continue?"
For example, the location https://cdn.jsdelivr.net/npm/mathjax@4 does find the desired resource when called from a HTML page, but in other contexts it may not.
The above URL appeared as the following screen shot in a recent email:
and the link pointed to https://cdn.jsdelivr.net/npm/mathjax, without the "@4".
I've also come across cases where my page containing MathJax links has failed privacy tests because the system in use thought I had email addresses on my page. This occurs more often when the page involves an input form.
Another case - in this very forum I clicked "Post message" just now and got:
"Email addresses detected in the message
Found the following email addresses://cdn.jsdelivr.net/npm/mathjax@4
These email addresses may be viewable by everyone who visits this group or is subscribed to receive email notifications of posts in this group. Are you sure that you would like to continue?"
It's probably too late for version 4, but could I suggest use of something else than "@" for future versions? Maybe "v"?
Thanks
Regards
Murray
Davide Cervone
Dec 17, 2025, 7:42:00 AM (2 days ago) Dec 17
to mathja...@googlegroups.com
Murray:
The "@4" in the jsdelivr address is part of the CDN's syntax for specifying a version number or version range (see the syntax descriptions at https://www.jsdelivr.com/). "@4" means use the latest v4.x.x whatever it is. (This is probably taken from the corresponding usage in npm and other package managers to specify versions.) That syntax is not something that MathJax controls, as it is part of the CDN itself.
Being a "reserved" character, the "@" symbol as used for a version identifier/delimiter in MathJax CDN URLs causes havoc in various circumstances,
Reserved by whom and for what? The use in this URL is exactly the use it was reserved for by the jsdelivr CDN.
The above URL appeared as the following screen shot in a recent email:
In your email, the link to jsdelivr was created by the email software, as it was not a link in the original email. The email software got the end of the URL wrong, which is not something that I can control. Perhaps if I had made that a link myself, the email software would not have tried to make one of its own, but I didn't have anything to link that address to, as it was not a complete one (you would want to include the component you are loading following that). In any case, the email software got it wrong.
I've also come across cases where my page containing MathJax links has failed privacy tests because the system in use thought I had email addresses on my page. This occurs more often when the page involves an input form.
Again, I would suggest that this is a flaw in the software doing he privacy testing, which is creating a false positive. The URL is a correct and legal one, so that software needs to be adjusted to accept that.
Another case - in this very forum I clicked "Post message" just now and got:"Email addresses detected in the messageFound the following email addresses:
//cdn.jsdelivr.net/npm/mathjax@4
These email addresses may be viewable by everyone who visits this group or is subscribed to receive email notifications of posts in this group. Are you sure that you would like to continue?"
Again, that is a false positive, and is probably based on a poor regular expression used to match email addresses. Google should fix that, as this doesn't look at all like an email address. In any case, since YOU know this isn't an email address, you can answer "yes" and send your message.
I can not change the use of `@` in the URLs for jsdelivr, but in the future I will try to make any references like that into explicit links and see if that reduces the problem for you.
Davide
Murray
Dec 18, 2025, 1:30:46 PM (14 hours ago) Dec 18
to MathJax Users
Davide
Sorry - I should have looked into jsdelivr's requirements before writing my suggestion. MathJax was the only case where I came across this (I should get out more), so I assumed it was a MathJax-only usage. My bad.
"@" is "reserved" for use in URIs by none other than Tim Berners-Lee et-al https://datatracker.ietf.org/doc/html/rfc3986#section-2.2 (along with :, /, ?, #, etc) which I took to mean such symbols have to be percent-encoded, but it turns out you can use "@" directly, for example https://en.wikipedia.org/wiki/@_(album)
Yes, it seems Google (at least in Gmail and this forum) regards any URL with an "@" in it as an email address, giving false positives. Got it, now.
Regards
Murray
Reply all
Reply to author
Forward
0 new messages