[tor-bugs] #13548 [Tor Browser]: Create preference to disable MathML

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 9 22:41:55 UTC 2015 

#13548: Create preference to disable MathML
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  mcs
         Type:           |     Status:  needs_revision
  enhancement            |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-security, firefox-patch,
  Browser                |  tbb-4.5-alpha, TorBrowserTeam201503
   Resolution:           |  Parent ID:  #9387
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mcs):

 It turns out that approach 3 (disable special behavior / rendering / etc.
 for MathML tags) is messy. A lot of special behavior is based on the XML
 namespace, so removing that (as the existing patch does) made a lot of
 things simpler. Kathy and I are still looking, but fort approach 3 so far
 we have:
 * In the following two files, we would need to ensure that the mathml.css
 stylesheet is not added to the document:
  * content/mathml/content/src/nsMathMLElement.cpp
  * parser/htmlparser/src/nsExpatDriver.cpp
 * In layout/base/nsCSSFrameConstructor.cpp we would need to avoid calling
 FindMathMLData(). We would also need to add "if (prefIsDisabled)" checks
 in about 6 other places where special behavior is invoked in response to
 the presence of a MathML element (look for kNameSpaceID_MathML in that
 file).
 * In browser/base/content/nsContextMenu.js, we would need to make changes
 to ensure that the "View MathML Source" context menu item is not shown
 when MathML is disabled.
 * We may need to make changes to content/base/src/nsTreeSanitizer.cpp,
 although it is probably OK to allow the math tags through even if MathML
 is disabled.  I am not sure exactly when nsTreeSanitizer is used; maybe
 only when displaying RSS/Atom feeds.

 In summary, a lot of changes are required, which will lead to less
 confidence that we have truly disabled all of the MathML functionality (as
 well as a somewhat complex patch to maintain).

 Opinions? The "swap the namespace" patch that we already posted is a lot
 simpler and we are confident that it disables MathML.  On the other hand,
 because the MathML namespace is lost, it breaks some assumptions made by
 web pages.

 For the record, Kathy is firmly in the "let's go with the existing
 namespace patch" and I am undecided.  But I too do not like the extra
 complexity of approach 3, and MathML is probably uncommon enough that no
 one will complain about the namespace issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13548#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list