Bug 791526 - MathJax seems to fail on some (not all!) sites due to enablePrivilege removal
 Status: RESOLVED FIXED regression Core Components Security: CAPS 17 Branch x86 All -- normal mozilla18 Bobby Holley (:bholley) (busy with Stylo) Selena Deckelmann :selenamarie :selena use ni? mathjax 757046

Reported: 2012-09-16 00:46 PDT by Sergey Fukanchik
Modified: 2012-11-19 05:41 PST
ryanvm: in‑testsuite-
 tracking-firefox17: + status-firefox17: fixed tracking-firefox18: + status-firefox18: fixed

Attachments
ff-matml-bug.png (60.85 KB, image/png)
2012-09-16 00:46 PDT, Sergey Fukanchik
no flags
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1 (2.70 KB, patch)
2012-09-27 07:22 PDT, Bobby Holley (:bholley) (busy with Stylo)
bzbarsky: review+
lukasblakk+bugs: approval‑mozilla‑aurora+

Sergey Fukanchik 2012-09-16 00:46:54 PDT
Created attachment 661569
ff-matml-bug.png

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:18.0) Gecko/18.0 Firefox/18.0
Build ID: 20120915201302

Steps to reproduce:
Installed Nightly 64 bit, then opened https://www.edx.org/courses/MITx/6.002x/2012_Fall/courseware/Week_1/Circuit_Analysis_Toolchest/

Actual results:
All the math was displayed as [Math Processing Error] in red

Expected results:
Math should have displayed properly

Loic 2012-09-17 06:12:15 PDT
This webpage is surely private, I can't access. Can you provide a public page, please?

Sergey Fukanchik 2012-09-17 06:48:06 PDT
Erm... The math is broken everywhere. You can open any wikipedia page with math, i.e. http://en.wikipedia.org/wiki/Simple_linear_regression and you will see math processing error. Just don't forget to switch wikipedia math rendering to "MathJax (experimental; best for most browsers)".

[:Aleksej] 2012-09-19 11:24:05 PDT
Reproduced at the Wikipedia page with Nightly 18.0a1 20120918030553 Linux x86_64. Works with 16.0b2.

Loic 2012-09-19 14:09:55 PDT
I reproduced too. There is this error in the console:
Error: TypeError: MathJax.InputJax.TeX.Definitions.macros is undefined
Source File: http://bits.wikimedia.org/static-1.20wmf11/extensions/Math/modules/MathJax/jax/output/HTML-CSS/jax.js
Line: 15

Mozregression range:
m-c
good=2012-08-23
bad=2012-08-24
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5650196a8c7d&tochange=1c0ac073dc65

The changelog is pretty huge, bisecting needed.

Alice0775 White 2012-09-19 22:34:33 PDT
Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/16e1ff49a6a5
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17 Firefox/17.0a1 ID:20120823114047
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/c1e3da499d87
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17 Firefox/17.0a1 ID:20120823114645
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=16e1ff49a6a5&tochange=c1e3da499d87

Suspected : Bug 757046

Loic 2012-09-20 00:09:49 PDT
Thanks for the bisect. :)

Boris Zbarsky [:bz] (still a bit busy) 2012-09-20 11:19:33 PDT
That's somewhat odd. I see no mention of enablePrivilege in the MathJAX source code. And the examples at http://www.mathjax.org/demos/tex-samples/ work fine for me in a nightly...

Frédéric Wang (:fredw) 2012-09-21 01:16:10 PDT
I will try to check if I can reproduce this bug and report it to the MathJax team. Probably not related, but see this issue on the MathJax tracker: https://github.com/mathjax/MathJax/issues/256

Frédéric Wang (:fredw) 2012-09-21 03:05:53 PDT
OK, I've just tried with a fresh nightly build. First I didn't get the errors on the page mentioned in comment 2 with local fonts installed. But when I uninstall the MathJax fonts, I get "Can't find a valid font using [TeX]" and after a moment, the [Math Processing Error] errors appear. On mathjax.org, I don't get the errors but STIX fonts are used instead. Also, I don't have the errors with the MathML or SVG output modes.

So I suspect the problem is with downloadable fonts. When the MathJax fonts are not installed on your system and the Website is not configured to fall back to STIX or image fonts (apparently that's the case in Wikipedia), then you get the [Math Processing Error].

Have there been some changes on the security policy regarding downloadable fonts? Or perhaps MathJax uses enablePrivilege to work around it?

Boris Zbarsky [:bz] (still a bit busy) 2012-09-21 05:44:17 PDT
> Have there been some changes on the security policy regarding downloadable fonts?

There should not have been, in the checkin range when this bug appeared...

> Or perhaps MathJax uses enablePrivilege to workaround it?

Again, grepping a download of MathJax for enablePrivilege shows nothing over here. So something weird is going on.

Boris Zbarsky [:bz] (still a bit busy) 2012-09-21 05:51:24 PDT
OH! I know what happened. MathJax does all sorts of broken-ass browser sniffing. And in the case when it doesn't sniff a known browser it falls back to "Oh, just break shit" as opposed to "Oh, use standards stuff".

The patch for bug 757046 effectively removed the code that ended up defining window.netscape. And MathJax tests for window.netscape as part of its test for "is Firefox". So now it decides the browser is not Firefox, and falls back to "Oh, just break shit".

I filed https://github.com/mathjax/MathJax/issues/317

Boris Zbarsky [:bz] (still a bit busy) 2012-09-21 05:54:44 PDT
In the short term we may want to put window.netscape back for now, because getting everyone on the web to update MathJax is a pain.

Boris Zbarsky [:bz] (still a bit busy) 2012-09-21 05:57:49 PDT
And in the long term, what MathJax is doing is locking out new browsers and holding back the web...

Frédéric Wang (:fredw) 2012-09-21 06:07:34 PDT
OK, I see. So that's the same issue you raised once in the past. MathJax's philosophy is that "it just works" without plugin or font installations. For that purpose it uses fallbacks like Web fonts or images... but ironically, this bad browser sniffing just makes everything fail. I agree with you that MathJax should really focus on newest browsers and remove this image fallback. I'll try to convince Davide.

BTW, people are encouraged to use the MathJax's CDN and most people do that. The upgrade is automatic in that case.

Boris Zbarsky [:bz] (still a bit busy) 2012-09-21 06:12:50 PDT
> I agree with you that MathJax should really focus on newest browsers and remove this
> image fallback.

Well, or make it work. Or something.

Wikipedia doesn't seem to use the CDN, though I could be wrong about its twisty maze of lazy-loading goop.

Alex Keybl [:akeybl] 2012-09-21 17:14:21 PDT
(In reply to Boris Zbarsky (:bz) from comment #11)
> The patch for bug 757046 effectively removed the code that ended up defining
> window.netscape. And MathJax tests for window.netscape as part of its test
> for "is Firefox". So now it decides the browser is not Firefox, and falls
> back to "Oh, just break shit".

Boooo web compatibility issue caused by code removal. Let's add it back in, if it isn't too much work.

:Gijs 2012-09-22 00:30:20 PDT
OK, Bugzilla, you suck. I did of course not mean to remove the tracking+ flags. But refreshing the page (been open a while) and then hitting "Save changes" to get myself in the CC seems to sometimes change random fields back to previous values. :-\

Alex: I'd put the +'s back, but I can't. Sorry.

Frédéric Wang (:fredw) 2012-09-24 23:43:48 PDT
So Davide seems to agree that it's best to use the Web fonts in general rather than the image fallback. His detection method (for other uses) is now

((window.netscape != null || window.mozPaintCount != null) && document.ATTRIBUTE_NODE != null && !window.opera)

Boris Zbarsky [:bz] (still a bit busy) 2012-09-24 23:45:08 PDT
I fully expect ATTRIBUTE_NODE to die one day. Same with mozPaintCount.

But I'm happy to discuss that over in the MathJax bug.

Sergey Fukanchik 2012-09-25 01:35:44 PDT
Is there a reliable and standards compliant way to detect Firefox?
Why use things like:

((window.netscape != null || window.mozPaintCount != null) && document.ATTRIBUTE_NODE != null && !window.opera)

Also, this comment in mathjax tracker is brilliant:

dpvc, what issues is MathJax having to work around in Gecko? Are there bugs filed on them, do you know?

If I can get you to the point where you don't have to keep sniffing for non-standard stuff to detect Gecko, that would be awesome from my point of view. ;)

Frédéric Wang (:fredw) 2012-09-25 02:16:49 PDT
(In reply to Boris Zbarsky (:bz) from comment #19)
> I fully expect ATTRIBUTE_NODE to die one day. Same with mozPaintCount.
>
> But I'm happy to discuss that over in the MathJax bug.

Yes, my comment was really to say that it's maybe not necessary to restore window.netscape, at least if that's only not to break MathJax. The sniffing test will certainly break again in the future, but at least the most serious issue with Web fonts not used when they can won't happen anymore.

Boris Zbarsky [:bz] (still a bit busy) 2012-09-25 05:36:25 PDT
> Yes, my comment was really to say that it's maybe not necessary to restore window.netscape

A minimal requirement for not restoring it is that Wikipedia and the other site reported in this bug not be broken, yes? Once that happens, we can talk! ;)

> Is there a reliable and standards compliant way to detect firefox?

Sure, like checking the UA string for "Gecko/". But usually once you start worrying about "Firefox" as opposed to "specific Firefox versions", you're doing it wrong...

Bobby Holley (:bholley) (busy with Stylo) 2012-09-27 07:22:24 PDT
Created attachment 665439
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1

Boris Zbarsky [:bz] (still a bit busy) 2012-09-27 07:29:46 PDT
Comment on attachment 665439
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1

r=me

I wonder whether it makes sense to make the .netscape getter warn about the property being deprecated and about to go away. Followup on that?

Bobby Holley (:bholley) (busy with Stylo) 2012-09-27 07:32:24 PDT
(In reply to Boris Zbarsky (:bz) from comment #24)
> Comment on attachment 665439
> Temporarily add the |netscape.security| object back in to fix broken browser
> detection. v1
>
> r=me
>
> I wonder whether it makes sense to make the .netscape getter warn about the
> property being deprecated and about to go away. Followup on that?

bug 794923.

Bobby Holley (:bholley) (busy with Stylo) 2012-09-27 07:42:16 PDT
Comment on attachment 665439
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1

Arg, m-i is closed. Anyway, flagging for aurora approval per comment 16.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 757046
User impact if declined: web regressions
Testing completed (on m-c, etc.): none
Risk to taking this patch (and alternatives if risky): extremely low risk. Just moving our early return slightly later.
String or UUID changes made by this patch: None

Bobby Holley (:bholley) (busy with Stylo) 2012-09-27 10:51:15 PDT
https://hg.mozilla.org/integration/mozilla-inbound/rev/7f49954c2acf

Ryan VanderMeulen [:RyanVM] 2012-09-27 20:15:11 PDT
https://hg.mozilla.org/mozilla-central/rev/7f49954c2acf

Lukas Blakk [:lsblakk] use ?needinfo 2012-10-01 15:25:09 PDT
Comment on attachment 665439
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1

low risk, approving for Aurora uplift.

Bobby Holley (:bholley) (busy with Stylo) 2012-10-02 02:02:26 PDT
https://hg.mozilla.org/releases/mozilla-aurora/rev/bd0f8cb6c50b

[:Aleksej] 2012-11-19 05:41:57 PST
Math on the Wikipedia page works with MathJax on Fx 17.0b6 20121113065533 Linux-x86_64.
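
Added example, not part of the bug thread and not MathJax or Gecko code: it runs the revised detection expression quoted in the thread, the "Gecko/" user-agent test suggested in the thread, and a netscape-only sniff (an assumed simplification, not the library's actual check) against three constructed environments, to show which checks survive the removal of window.netscape. The environment objects and function names are hypothetical.

```javascript
// Constructed stand-ins for browser globals (not captured from real builds).
const UA = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:18.0) Gecko/18.0 Firefox/18.0";
const environments = {
  // Gecko before bug 757046: window.netscape is still defined.
  beforeRemoval: { window: { netscape: {}, mozPaintCount: 0 }, document: { ATTRIBUTE_NODE: 2 }, ua: UA },
  // Gecko after bug 757046: window.netscape is gone, everything else unchanged.
  afterRemoval: { window: { mozPaintCount: 0 }, document: { ATTRIBUTE_NODE: 2 }, ua: UA },
  // Hypothetical later Gecko in which mozPaintCount and ATTRIBUTE_NODE were removed too.
  laterGecko: { window: {}, document: {}, ua: UA },
};

// Assumed simplification of a sniff that depends on window.netscape alone.
function sniffNetscapeOnly({ window }) {
  return window.netscape != null && !window.opera;
}

// The revised expression quoted in the thread.
function sniffRevised({ window, document }) {
  return (window.netscape != null || window.mozPaintCount != null) &&
    document.ATTRIBUTE_NODE != null && !window.opera;
}

// The user-agent test suggested in the thread: look for "Gecko/".
function sniffUserAgent({ ua }) {
  return ua.includes("Gecko/");
}

// Run every check against every environment and return a name -> results map.
function compareSniffs() {
  const out = {};
  for (const [name, env] of Object.entries(environments)) {
    out[name] = {
      netscapeOnly: sniffNetscapeOnly(env),
      revised: sniffRevised(env),
      userAgent: sniffUserAgent(env),
    };
  }
  return out;
}

console.table(compareSniffs());
```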
