On 03/23/2010 05:23 PM, Aryeh Gregor wrote:
On Tue, Mar 23, 2010 at 1:00 PM, Roan Kattouw
<roan.kattouw(a)gmail.com> wrote:
DFAs parse regular languages, which means those
languages can also be
expressed as regexes. In fact, the regexes accepted by the preg_*()
functions allow certain extensions to the language theory definition
of regular expressions, allowing them to describe certain non-regular
languages as well. In short: preg_split() can do everything a DFA can
do, and more. The only reason to use a DFA parser would be
performance, but since the preg_*() functions are so heavily optimized
I don't think that'll be an issue.
This much I know, but is LaTeX actually a regular language?
It's not even context free, luckily the subset we are interested in is
(as clearly shown by the texvc parser :p).
On Tue, Mar 23, 2010 at 1:13 PM, Conrad Irwin
<conrad.irwin(a)googlemail.com> wrote:
And here was me thinking that maintenance
didn't happen because making
changes to security critical sections of the code is dangerous :).
It's not security-critical. The worst you could possibly do is DoS,
and any DoS could be instantly shut off by just turning off math
briefly. Furthermore, the part that makes DoS impossible is a quite
small portion of the code that would need to change effectively never.
No, the problem is that most PHP programmers have never even heard of
OCaml, let alone used it.
Many LaTeX installations can be made read/write/execute anything by
default. LaTeX also allows you to redefine the meaning of characters in
the input, if you accidentally let a single command through, then all
the whitelisting becomes pointless. It certainly is a security issue.
Conrad