On Fri, Jun 21, 2002 at 07:07:38AM +0200, Axel Boldt wrote:
by blindly executing TeX when someone edits a
page, we are assuming
that they haven't included any malicious code in their TeX source.
TeX has two dangerous commands: shell escapes and writing to an
arbitrary file. Both can be globally disabled (and are disabled by
default in most TeX distributions). It is fairly easy however to write
TeX which eats memory like crazy (TeX allows recursion :-), so we
would have to somehow restrict the resources available to the TeX
process. But we are of course right now already wide open to all sorts
of denial-of-service attacks.
FWIW I'd like to remark that I would also like to have a LaTeX in Wikipedia.
If only to avoid that we would lose Alex to
mathplanet.org. :-) But
seriously, it would make writing math in Wikipedia a lot more fun, and the
people at
planetmath.org are probably more than willing to help us. In fact
I think that it is important for both Wiki's that the transfer of material
between Wikipedia and Planetmath should be as painless as possible.
-- Jan Hidders