Security checks


Mo Baker

May 28, 2024, 1:42:46 AM
to MathJax Users
We’re planning to install their Beta V4 in a Prod environment, and we’re worried about any security vulnerabilities that we might hit, like cross-site scripting or similar.
Did any end users or MathJax.org users run security checks for a similar situation and find any vulnerabilities?

Davide Cervone

Jun 3, 2024, 9:52:34 AM
to mathja...@googlegroups.com
Over the 15 years that MathJax has been in existence, two potential vulnerabilities have been identified, and those have been fixed.  

There was a recent issue tracker that links to a security report run by the Wikimedia Foundation that lists some minor issues that it found. A quick scan of these suggests that they don't represent a problem for users of MathJax (the settings in which these appear are not ones that pose a threat), but you can check through them for yourself.

If you are using MathJax in a situation where readers of your pages can enter mathematics processed by MathJax, then you might want to consider using the safe extension, which limits some of MathJax's features that could be abused by users.  The link describes the extension in more detail and lists the configuration options that allow you to customize what features are being limited.

Davide


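The safe-extension setup recommended in the reply above, together with a pre-deployment check of a MathJax configuration object. This is an added example, not code from the thread or from the MathJax project. The option names follow the MathJax v3 documentation for `ui/safe` (assumed unchanged in the v4 beta); `auditMathJaxConfig` and both sample configurations are hypothetical.

```javascript
// Hardened configuration (constructed sample). Option names are taken from the
// MathJax v3 docs for the ui/safe extension; v4 beta compatibility is assumed.
const hardenedConfig = {
  loader: { load: ['ui/safe'] },
  options: {
    safeOptions: {
      // 'safe' filters each feature; 'none' removes it; 'all' disables filtering
      allow: { URLs: 'safe', classes: 'safe', cssIDs: 'safe', styles: 'safe' },
      // URL schemes accepted when allow.URLs is 'safe'
      safeProtocols: { http: true, https: true, file: false, javascript: false, data: false },
    },
  },
};

// Weak configuration (constructed sample): extension not loaded, filtering relaxed.
const weakConfig = {
  loader: { load: ['input/tex', 'output/chtml'] },
  options: { safeOptions: { allow: { URLs: 'all' }, safeProtocols: { javascript: true } } },
};

// Hypothetical helper: returns a list of findings for a MathJax config object.
function auditMathJaxConfig(cfg) {
  const findings = [];
  const loaded = (cfg.loader && cfg.loader.load) || [];
  if (!loaded.includes('ui/safe')) {
    findings.push('ui/safe is not in loader.load');
  }
  const safe = (cfg.options && cfg.options.safeOptions) || {};
  for (const [feature, level] of Object.entries(safe.allow || {})) {
    if (level === 'all') findings.push(`allow.${feature} is 'all' (unfiltered)`);
  }
  for (const scheme of ['javascript', 'data']) {
    if (safe.safeProtocols && safe.safeProtocols[scheme] === true) {
      findings.push(`safeProtocols.${scheme} is enabled`);
    }
  }
  return findings;
}

// In a page, the configuration must be assigned before the MathJax script loads.
if (typeof window !== 'undefined') {
  window.MathJax = hardenedConfig;
}
```

Running `auditMathJaxConfig` in a build or CI step flags a page configuration that drops the extension or relaxes its filters before it reaches production.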
