openkylin
/
mathjax
mirror of https://gitee.com/openkylin/mathjax.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
mathjax/unpacked/extensions/Safe.js

429 lines
12 KiB
JavaScript
Raw Blame History

/* -*- Mode: Javascript; indent-tabs-mode:nil; js-indent-level: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/*************************************************************
*
* MathJax/extensions/Safe.js
*
* Implements a "Safe" mode that disables features that could be
* misused in a shared environment (such as href's to javascript URL's).
* See the CONFIG variable below for configuration options.
*
* ---------------------------------------------------------------------
*
* Copyright (c) 2013-2018 The MathJax Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
(function (HUB,AJAX) {
var VERSION = "2.7.4";
var CONFIG = MathJax.Hub.CombineConfig("Safe",{
allow: {
//
// Values can be "all", "safe", or "none"
//
URLs: "safe", // safe are in safeProtocols below
classes: "safe", // safe start with MJX-
cssIDs: "safe", // safe start with MJX-
styles: "safe", // safe are in safeStyles below
fontsize: "all", // safe are between sizeMin and sizeMax em's
require: "safe" // safe are in safeRequire below
},
sizeMin: .7, // \scriptsize
sizeMax: 1.44, // \large
lengthMax: 3, // largest padding/border/margin, etc. in em's
safeProtocols: {
http: true,
https: true,
file: true,
javascript: false
},
safeStyles: {
color: true,
backgroundColor: true,
border: true,
cursor: true,
margin: true,
padding: true,
textShadow: true,
fontFamily: true,
fontSize: true,
fontStyle: true,
fontWeight: true,
opacity: true,
outline: true
},
safeRequire: {
action: true,
amscd: true,
amsmath: true,
amssymbols: true,
autobold: false,
"autoload-all": false,
bbox: true,
begingroup: true,
boldsymbol: true,
cancel: true,
color: true,
enclose: true,
extpfeil: true,
HTML: true,
mathchoice: true,
mhchem: true,
newcommand: true,
noErrors: false,
noUndefined: false,
unicode: true,
verb: true
},
//
// CSS styles that have Top/Right/Bottom/Left versions
//
styleParts: {
border: true,
padding: true,
margin: true,
outline: true
},
//
// CSS styles that are lengths needing max/min testing
// A string value means test that style value;
// An array gives [min,max] in em's
// Otherwise use [-lengthMax,lengthMax] from above
//
styleLengths: {
borderTop: "borderTopWidth",
borderRight: "borderRightWidth",
borderBottom: "borderBottomWidth",
borderLeft: "borderLeftWidth",
paddingTop: true,
paddingRight: true,
paddingBottom: true,
paddingLeft: true,
marginTop: true,
marginRight: true,
marginBottom: true,
marginLeft: true,
outlineTop: true,
outlineRight: true,
outlineBottom: true,
outlineLeft: true,
fontSize: [.7,1.44]
}
});
var ALLOW = CONFIG.allow;
if (ALLOW.fontsize !== "all") {CONFIG.safeStyles.fontSize = false}
var SAFE = MathJax.Extension.Safe = {
version: VERSION,
config: CONFIG,
div1: document.createElement("div"), // for CSS processing
div2: document.createElement("div"),
//
// Methods called for MathML attribute processing
//
filter: {
href: "filterURL",
src: "filterURL",
altimg: "filterURL",
"class": "filterClass",
style: "filterStyles",
id: "filterID",
fontsize: "filterFontSize",
mathsize: "filterFontSize",
scriptminsize: "filterFontSize",
scriptsizemultiplier: "filterSizeMultiplier",
scriptlevel: "filterScriptLevel"
},
//
// Filter HREF URL's
//
filterURL: function (url) {
var protocol = (url.match(/^\s*([a-z]+):/i)||[null,""])[1].toLowerCase();
if (ALLOW.URLs === "none" ||
(ALLOW.URLs !== "all" && !CONFIG.safeProtocols[protocol])) {url = null}
return url;
},
//
// Filter class names and css ID's
//
filterClass: function (CLASS) {
if (ALLOW.classes === "none" ||
(ALLOW.classes !== "all" && !CLASS.match(/^MJX-[-a-zA-Z0-9_.]+$/))) {CLASS = null}
return CLASS;
},
filterID: function (id) {
if (ALLOW.cssIDs === "none" ||
(ALLOW.cssIDs !== "all" && !id.match(/^MJX-[-a-zA-Z0-9_.]+$/))) {id = null}
return id;
},
//
// Filter style strings
//
filterStyles: function (styles) {
if (ALLOW.styles === "all") {return styles}
if (ALLOW.styles === "none") {return null}
try {
//
// Set the div1 styles to the given styles, and clear div2
//
var STYLE1 = this.div1.style, STYLE2 = this.div2.style, value;
STYLE1.cssText = styles; STYLE2.cssText = "";
//
// Check each allowed style and transfer OK ones to div2
// If the style has Top/Right/Bottom/Left, look at all four separately
//
for (var name in CONFIG.safeStyles) {if (CONFIG.safeStyles.hasOwnProperty(name)) {
if (CONFIG.styleParts[name]) {
for (var i = 0; i < 4; i++) {
var NAME = name+["Top","Right","Bottom","Left"][i]
value = this.filterStyle(NAME,STYLE1);
if (value) {STYLE2[NAME] = value}
}
} else {
value = this.filterStyle(name,STYLE1);
if (value) {STYLE2[name] = value}
}
}}
//
// Return the div2 style string
//
styles = STYLE2.cssText;
} catch (e) {styles = null}
return styles;
},
//
// Filter an individual name:value style pair
//
filterStyle: function (name,styles) {
var value = styles[name];
if (typeof value !== "string" || value === "") {return null}
if (value.match(/^\s*expression/)) {return null}
if (value.match(/javascript:/)) {return null}
var NAME = name.replace(/Top|Right|Left|Bottom/,"");
if (!CONFIG.safeStyles[name] && !CONFIG.safeStyles[NAME]) {return null}
if (!CONFIG.styleLengths[name]) {return value}
return (this.filterStyleLength(name,value,styles) ? value : null);
},
filterStyleLength: function (name,value,styles) {
if (typeof CONFIG.styleLengths[name] === "string") value = styles[CONFIG.styleLengths[name]];
value = this.length2em(value);
if (value == null) return false;
var mM = [-CONFIG.lengthMax,CONFIG.lengthMax];
if (MathJax.Object.isArray(CONFIG.styleLengths[name])) mM = CONFIG.styleLengths[name];
return (value >= mM[0] && value <= mM[1]);
},
//
// Conversion of units to em's
//
unit2em: {
em: 1,
ex: .5, // assume 1ex = .5em
ch: .5, // assume 1ch = .5em
rem: 1, // assume 1rem = 1em
px: 1/16, // assume 1em = 16px
mm: 96/25.4/16, // 25.4mm = 96px
cm: 96/2.54/16, // 2.54cm = 96px
'in': 96/16, // 1in = 96px
pt: 96/72/16, // 72pt = 1in
pc: 96/6/16 // 1pc = 12pt
},
length2em: function (value) {
var match = value.match(/(.+)(em|ex|ch|rem|px|mm|cm|in|pt|pc)/);
if (!match) return null;
return parseFloat(match[1])*this.unit2em[match[2]];
},
//
// Filter TeX font size values (in em's)
//
filterSize: function (size) {
if (ALLOW.fontsize === "none") {return null}
if (ALLOW.fontsize !== "all")
{size = Math.min(Math.max(size,CONFIG.sizeMin),CONFIG.sizeMax)}
return size;
},
filterFontSize: function (size) {
return (ALLOW.fontsize === "all" ? size: null);
},
//
// Filter scriptsizemultiplier
//
filterSizeMultiplier: function (size) {
if (ALLOW.fontsize === "none") {size = null}
else if (ALLOW.fontsize !== "all") {size = Math.min(1,Math.max(.6,size)).toString()}
return size;
},
//
// Filter scriptLevel
//
filterScriptLevel: function (level) {
if (ALLOW.fontsize === "none") {level = null}
else if (ALLOW.fontsize !== "all") {level = Math.max(0,level).toString()}
return level;
},
//
// Filter TeX extension names
//
filterRequire: function (name) {
if (ALLOW.require === "none" ||
(ALLOW.require !== "all" && !CONFIG.safeRequire[name.toLowerCase()]))
{name = null}
return name;
}
};
HUB.Register.StartupHook("TeX HTML Ready",function () {
var TEX = MathJax.InputJax.TeX;
TEX.Parse.Augment({
//
// Implements \href{url}{math} with URL filter
//
HREF_attribute: function (name) {
var url = SAFE.filterURL(this.GetArgument(name)),
arg = this.GetArgumentMML(name);
if (url) {arg.With({href:url})}
this.Push(arg);
},
//
// Implements \class{name}{math} with class-name filter
//
CLASS_attribute: function (name) {
var CLASS = SAFE.filterClass(this.GetArgument(name)),
arg = this.GetArgumentMML(name);
if (CLASS) {
if (arg["class"] != null) {CLASS = arg["class"] + " " + CLASS}
arg.With({"class":CLASS});
}
this.Push(arg);
},
//
// Implements \style{style-string}{math} with style filter
//
STYLE_attribute: function (name) {
var style = SAFE.filterStyles(this.GetArgument(name)),
arg = this.GetArgumentMML(name);
if (style) {
if (arg.style != null) {
if (style.charAt(style.length-1) !== ";") {style += ";"}
style = arg.style + " " + style;
}
arg.With({style: style});
}
this.Push(arg);
},
//
// Implements \cssId{id}{math} with ID filter
//
ID_attribute: function (name) {
var ID = SAFE.filterID(this.GetArgument(name)),
arg = this.GetArgumentMML(name);
if (ID) {arg.With({id:ID})}
this.Push(arg);
}
});
});
HUB.Register.StartupHook("TeX Jax Ready",function () {
var TEX = MathJax.InputJax.TeX,
PARSE = TEX.Parse, METHOD = SAFE.filter;
PARSE.Augment({
//
// Implements \require{name} with filtering
//
Require: function (name) {
var file = this.GetArgument(name).replace(/.*\//,"").replace(/[^a-z0-9_.-]/ig,"");
file = SAFE.filterRequire(file);
if (file) {this.Extension(null,file)}
},
//
// Controls \mmlToken attributes
//
MmlFilterAttribute: function (name,value) {
if (METHOD[name]) {value = SAFE[METHOD[name]](value)}
return value;
},
//
// Handles font size macros with filtering
//
SetSize: function (name,size) {
size = SAFE.filterSize(size);
if (size) {
this.stack.env.size = size;
this.Push(TEX.Stack.Item.style().With({styles: {mathsize: size+"em"}}));
}
}
});
});
HUB.Register.StartupHook("TeX bbox Ready",function () {
var TEX = MathJax.InputJax.TeX;
//
// Filter the styles for \bbox
//
TEX.Parse.Augment({
BBoxStyle: function (styles) {return SAFE.filterStyles(styles)},
BBoxPadding: function (pad) {
var styles = SAFE.filterStyles("padding: "+pad);
return (styles ? pad : 0);
}
});
});
HUB.Register.StartupHook("MathML Jax Ready",function () {
var PARSE = MathJax.InputJax.MathML.Parse,
METHOD = SAFE.filter;
//
// Filter MathML attributes
//
PARSE.Augment({
filterAttribute: function (name,value) {
if (METHOD[name]) {value = SAFE[METHOD[name]](value)}
return value;
}
});
});
// MathML input (href, style, fontsize, class, id)
HUB.Startup.signal.Post("Safe Extension Ready");
AJAX.loadComplete("[MathJax]/extensions/Safe.js");
})(MathJax.Hub,MathJax.Ajax);
Reference in New Issue View Git Blame Copy Permalink