Safe.js 5.1 KB

123456789101112131415161718192021222324252627
  1. /* -*- Mode: Javascript; indent-tabs-mode:nil; js-indent-level: 2 -*- */
  2. /* vim: set ts=2 et sw=2 tw=80: */
  3. /*************************************************************
  4. *
  5. * MathJax/extensions/Safe.js
  6. *
  7. * Implements a "Safe" mode that disables features that could be
  8. * misused in a shared environment (such as href's to javascript URL's).
  9. * See the CONFIG variable below for configuration options.
  10. *
  11. * ---------------------------------------------------------------------
  12. *
  13. * Copyright (c) 2013 The MathJax Consortium
  14. *
  15. * Licensed under the Apache License, Version 2.0 (the "License");
  16. * you may not use this file except in compliance with the License.
  17. * You may obtain a copy of the License at
  18. *
  19. * http://www.apache.org/licenses/LICENSE-2.0
  20. *
  21. * Unless required by applicable law or agreed to in writing, software
  22. * distributed under the License is distributed on an "AS IS" BASIS,
  23. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  24. * See the License for the specific language governing permissions and
  25. * limitations under the License.
  26. */(function(f,k){var e=MathJax.Hub.CombineConfig("Safe",{allow:{URLs:"safe",classes:"safe",cssIDs:"safe",styles:"safe",fontsize:"all",require:"safe"},sizeMin:.7,sizeMax:1.44,safeProtocols:{http:!0,https:!0,file:!0,javascript:!1},safeStyles:{color:!0,backgroundColor:!0,border:!0,cursor:!0,margin:!0,padding:!0,textShadow:!0,fontFamily:!0,fontSize:!0,fontStyle:!0,fontWeight:!0,opacity:!0,outline:!0},safeRequire:{action:!0,amscd:!0,amsmath:!0,amssymbols:!0,autobold:!1,"autoload-all":!1,bbox:!0,begingroup:!0,boldsymbol:!0,cancel:!0,color:!0,enclose:!0,extpfeil:!0,HTML:!0,mathchoice:!0,mhchem:!0,newcommand:!0,noErrors:!1,noUndefined:!1,unicode:!0,verb:!0}}),c=e.allow;"all"!==c.fontsize&&(e.safeStyles.fontSize=!1);var d=MathJax.Extension.Safe={version:"2.2",config:e,div1:document.createElement("div"),div2:document.createElement("div"),filter:{href:"filterURL",src:"filterURL",altimg:"filterURL","class":"filterClass",style:"filterStyles",id:"filterID",fontsize:"filterFontSize",mathsize:"filterFontSize",scriptminsize:"filterFontSize",scriptsizemultiplier:"filterSizeMultiplier",scriptlevel:"filterScriptLevel"},filterURL:function(a){var b=(a.match(/^\s*([a-z]+):/i)||[null,""])[1].toLowerCase();if("none"===c.URLs||"all"!==c.URLs&&!e.safeProtocols[b])a=null;return a},filterClass:function(a){if("none"===c.classes||"all"!==c.classes&&!a.match(/^MJX-[-a-zA-Z0-9_.]+$/))a=null;return a},filterID:function(a){if("none"===c.cssIDs||"all"!==c.cssIDs&&!a.match(/^MJX-[-a-zA-Z0-9_.]+$/))a=null;return a},filterStyles:function(a){if("all"===c.styles)return a;if("none"===c.styles)return null;try{var b=this.div1.style,h=this.div2.style;b.cssText=a;h.cssText="";for(var g in e.safeStyles)if(e.safeStyles.hasOwnProperty(g)){var d=this.filterStyle(g,b[g]);null!=d&&(h[g]=d)}a=h.cssText}catch(f){a=null}return a},filterStyle:function(a,b){return"string"!==typeof b||b.match(/^\s*expression/)||b.match(/javascript:/)?null:e.safeStyles[a]?b:null},filterSize:function(a){if("none"===c.fontsize)return null;"all"!==c.fontsize&&(a=Math.min(Math.max(a,e.sizeMin),e.sizeMax));return a},filterFontSize:function(a){return"all"===c.fontsize?a:null},filterSizeMultiplier:function(a){"none"===c.fontsize?a=null:"all"!==c.fontsize&&(a=Math.min(1,Math.max(.6,a)).toString());return a},filterScriptLevel:function(a){"none"===c.fontsize?a=null:"all"!==c.fontsize&&(a=Math.max(0,a).toString());return a},filterRequire:function(a){if("none"===c.require||"all"!==c.require&&!e.safeRequire[a.toLowerCase()])a=null;return a}};f.Register.StartupHook("TeX HTML Ready",function(){MathJax.InputJax.TeX.Parse.Augment({HREF_attribute:function(a){var b=d.filterURL(this.GetArgument(a));a=this.GetArgumentMML(a);b&&a.With({href:b});this.Push(a)},CLASS_attribute:function(a){var b=d.filterClass(this.GetArgument(a));a=this.GetArgumentMML(a);b&&(null!=a["class"]&&(b=a["class"]+" "+b),a.With({"class":b}));this.Push(a)},STYLE_attribute:function(a){var b=d.filterStyles(this.GetArgument(a));a=this.GetArgumentMML(a);b&&(null!=a.style&&(";"!==b.charAt(b.length-1)&&(b+=";"),b=a.style+" "+b),a.With({style:b}));this.Push(a)},ID_attribute:function(a){var b=d.filterID(this.GetArgument(a));a=this.GetArgumentMML(a);b&&a.With({id:b});this.Push(a)}})});f.Register.StartupHook("TeX Jax Ready",function(){var a=MathJax.InputJax.TeX,b=d.filter;a.Parse.Augment({Require:function(a){a=this.GetArgument(a).replace(/.*\//,"").replace(/[^a-z0-9_.-]/ig,"");(a=d.filterRequire(a))&&this.Extension(null,a)},MmlFilterAttribute:function(a,c){b[a]&&(c=d[b[a]](c));return c},SetSize:function(b,c){if(c=d.filterSize(c))this.stack.env.size=c,this.Push(a.Stack.Item.style().With({styles:{mathsize:c+"em"}}))}})});f.Register.StartupHook("TeX bbox Ready",function(){MathJax.InputJax.TeX.Parse.Augment({BBoxStyle:function(a){return d.filterStyles(a)}})});f.Register.StartupHook("MathML Jax Ready",function(){var a=d.filter;MathJax.InputJax.MathML.Parse.Augment({filterAttribute:function(b,c){a[b]&&(c=d[a[b]](c));return c}})});f.Startup.signal.Post("Safe Extension Ready");k.loadComplete("[MathJax]/extensions/Safe.js")})(MathJax.Hub,MathJax.Ajax);