Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MathJaX renders anything between $$ #32

Open
sneakers-the-rat opened this issue Dec 1, 2023 · 1 comment
Open

MathJaX renders anything between $$ #32

sneakers-the-rat opened this issue Dec 1, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@sneakers-the-rat
Copy link
Collaborator

Steps to reproduce the problem

See: https://neuromatch.social/@[email protected]/111502628902459771

Screen Shot 2023-11-30 at 8 40 06 PM

Expected behaviour

Only typeset between \( and \)

Actual behaviour

See above (this issue template sucks)

Detailed description

The instance should be configured like this:

  var nonce = document.querySelector('meta[name="style-nonce"]').getAttribute('content');
  window.MathJax = {
    chtml: {nonce: nonce},
    tex: {
      processEnvironments: false,
      processRefs: false,
      inlineMath: [['\\(', '\\)']],
      displayMath: [['\\[', '\\]']]
      }
    };

mastodon/app/views/layouts/application.html.haml

Lines 38 to 50 in cf9b7e9

:javascript
var nonce = document.querySelector('meta[name="style-nonce"]').getAttribute('content');
window.MathJax = {
chtml: {nonce: nonce},
tex: {
processEnvironments: false,
processRefs: false,
inlineMath: [['\\(', '\\)']],
displayMath: [['\\[', '\\]']]
}
};
%script{ src: '/MathJax/es5/tex-chtml.js' }

which overrides the displayMath delimiters which are $$ by default: https://docs.mathjax.org/en/latest/options/input/tex.html

This is apparently ignored because of the site's content security settings which disallow inline scripts.

So we need to use the nonce that comes from here

mastodon/app/views/layouts/application.html.haml

Line 36 in cf9b7e9

%meta{ name: 'style-nonce', content: request.content_security_policy_nonce }

in the script tag, and also allow nonce'd inline scripts in our CSP.

See:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script

and

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources

Mastodon instance

neuromatch.social

Mastodon version

garegarg sthsrtjytj

Browser name and version

Firefox

Operating system

macOS

Technical details

No response
@sneakers-the-rat sneakers-the-rat added the bug Something isn't working label Dec 1, 2023
@sneakers-the-rat sneakers-the-rat mentioned this issue Dec 1, 2023
Merged
@sneakers-the-rat
Copy link
Collaborator Author

It also looks like mathstodon is using a custom patched version of MathJax 🤦‍♂️
https://mathstodon.xyz/MathJax/es5/tex-chtml.js
ctrl+f for nonce, it's not in the actual version and the mathjax devs have said they won't support this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sneakers-the-rat