Update gitbook and bs4_book templates to use latest version of MathJax 2.7 from cdnjs #1355

Merged
merged 2 commits into from
Jun 30, 2022

Conversation

scarnecchia
Contributor

This PR implements the changes discussed in #1354 by updating the source for MathJax in inst/templates/bs4_book.html and inst/templates/github.html to use Cloudflare's cdnjs latest for 2.7. This closes an XSS vulnerability (CVE-2018-1999024) found in versions of MathJax earlier than 2.7.4.

I tested this using a couple of input files I had lying around and I can confirm that the version is now MathJax 2.7.9 and that LaTeX is rendering correctly. I did not see an explicit test for math in the test folder. I'd be happy to add one, but not sure I'll get to it today.
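
A check for the condition this PR fixes, added here as an example and not part of the PR or the bookdown code base: it scans template HTML for MathJax `<script>` tags and classifies the pinned version against 2.7.4. The sample template and the function and constant names are constructed for illustration.

```python
import re

# Version from which, per the PR description, CVE-2018-1999024 is fixed.
FIXED = (2, 7, 4)

# A <script> tag whose src loads MathJax.js (query string allowed).
SRC_RE = re.compile(
    r"""<script[^>]*\bsrc\s*=\s*["']([^"']*MathJax\.js[^"']*)["']""",
    re.IGNORECASE,
)
# A three-part version used as a path segment, e.g. /2.7.9/
VERSION_RE = re.compile(r"/(\d+)\.(\d+)\.(\d+)/")


def audit_template(html):
    """Return [(url, verdict)] for every MathJax script tag found in html."""
    findings = []
    for url in SRC_RE.findall(html):
        m = VERSION_RE.search(url)
        if m is None:
            # No version in the URL (e.g. a ".../latest/" alias): the served
            # version cannot be known from the template alone.
            verdict = "unpinned"
        elif tuple(int(p) for p in m.groups()) < FIXED:
            verdict = "outdated"
        else:
            verdict = "ok"
        findings.append((url, verdict))
    return findings


# Constructed sample input, not copied from the repository's templates.
SAMPLE = """
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-MML-AM_CHTML" async></script>
<script async src='https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js'></script>
<script src="https://mathjax.rstudio.com/latest/MathJax.js?config=TeX-MML-AM_CHTML"></script>
<script src="libs/jquery/jquery.min.js"></script>
"""

if __name__ == "__main__":
    for url, verdict in audit_template(SAMPLE):
        print(f"{verdict:9} {url}")
```

An "unpinned" result needs a runtime check of the version actually served, since an alias such as `latest` can point at any release.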

Member

@yihui yihui left a comment

Thanks! I noticed that the mode of three files was changed from 644 to 755. Do you know how to revert it?

@CLAassistant

CLAassistant commented Jun 30, 2022

CLA assistant check
All committers have signed the CLA.

@scarnecchia
Contributor Author

Hi @yihui: I've resolved that issue. File mode should be 644 again (and I've updated my git config to prevent that from happening in the future).

Member

@yihui yihui left a comment

Great! We will use https://mathjax.rstudio.com/latest/ again once it actually points to the latest 2.x version. Thank you very much!

@yihui yihui merged commit f484d4c into rstudio:main Jun 30, 2022
@cderv cderv linked an issue Aug 24, 2022 that may be closed by this pull request
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 28, 2022
Successfully merging this pull request may close these issues.

[FR] Update MathJax src in gitbook template to latest version of 2.7