# MathJax seems to fail on some (not all!) sites due to enablePrivilege removal

RESOLVED FIXED in Firefox 17

Core
Security: CAPS
RESOLVED FIXED
5 years ago
5 years ago

## Tracking

### (Blocks: 1 bug, {regression})

17 Branch
mozilla18
x86
All
regression
Points:
---
Dependency tree / graph
Bug Flags:
 in-testsuite -

## Attachments

### (2 attachments)

 60.85 KB, image/png Details 2.70 KB, patch bz : review+ lsblakk : approval-mozilla-aurora+ Details | Diff | Splinter Review
(Reporter)

### Description

5 years ago
Created attachment 661569 [details]
ff-matml-bug.png

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:18.0) Gecko/18.0 Firefox/18.0
Build ID: 20120915201302

Steps to reproduce:

Installed Nightly 64 bit, then opened https://www.edx.org/courses/MITx/6.002x/2012_Fall/courseware/Week_1/Circuit_Analysis_Toolchest/

Actual results:

All the math was displayed as [Math Processing Error] in red

Expected results:

Math should have displayed properly

### Comment 1

5 years ago
This webpage is surely private, I can't access. Can you provide a public page, please?
(Reporter)

### Comment 2

5 years ago
Erm... The math is broken everywhere. You can open any wikipedia page with math,i.e. http://en.wikipedia.org/wiki/Simple_linear_regression and you will see math processing error.

Just don't forget to switch wikipedia math rendering to "MathJax (experimental; best for most browsers)".

### Comment 3

5 years ago
Reproduced at the Wikipedia page with Nightly 18.0a1 20120918030553 Linux x86_64.

Works with 16.0b2.
OS: Windows 7 → All

### Comment 4

5 years ago
I reproduced too. There is this error in the console:

Error: TypeError: MathJax.InputJax.TeX.Definitions.macros is undefined
Source File: http://bits.wikimedia.org/static-1.20wmf11/extensions/Math/modules/MathJax/jax/output/HTML-CSS/jax.js
Line: 15

Mozregression range:
m-c
good=2012-08-23
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5650196a8c7d&tochange=1c0ac073dc65

The changelog is pretty huge, bissecting needed.
Status: UNCONFIRMED → NEW
tracking-firefox17: --- → ?
tracking-firefox18: --- → ?
Ever confirmed: true
Keywords: regression, regressionwindow-wanted
Version: 18 Branch → 17 Branch

### Comment 5

5 years ago
Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/16e1ff49a6a5
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17 Firefox/17.0a1 ID:20120823114047
http://hg.mozilla.org/integration/mozilla-inbound/rev/c1e3da499d87
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17 Firefox/17.0a1 ID:20120823114645
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=16e1ff49a6a5&tochange=c1e3da499d87

Suspected : Bug 757046
Blocks: 757046
Component: Untriaged → Security: CAPS
Product: Firefox → Core

### Comment 6

5 years ago
Thanks for the bisect. :)
Keywords: regressionwindow-wanted

### Comment 7

5 years ago
That's somewhat odd.  I see no mention of enablePrivilege in the MathJAX source code.  And the examples at http://www.mathjax.org/demos/tex-samples/ work fine for me in a nightly...

### Updated

5 years ago
Summary: Mathml is not processing, getting [Math Processing Error] in all math → MathJax seems to fail on some (not all!) sites due to enablePrivilege removal

5 years ago
Blocks: 745687

### Comment 8

5 years ago
I will try to check if I can reproduce this bug and report it to the MathJax team.

Probably not related, but see this issue on the MathJax tracker:

https://github.com/mathjax/MathJax/issues/256

### Comment 9

5 years ago
OK, I've just tried with a fresh nightly build. First I didn't get the errors on the page mentioned in comment 2 with local fonts installed. But when I uninstall the MathJax fonts, I get

"Can't find a valid font using [TeX]"

and after a moment, the [Math Processing Error] errors appear. On mathjax.org, I don't get the errors but STIX fonts are used instead. Also, I don't have the errors with the MathML or SVG output modes.

So I suspect the problem is with downloadable fonts. When the MathJax fonts are not installed on your system and the Website is not configured to fallback to STIX or image fonts (apparently that's the case in Wikipedia), then you get the [Math Processing Error].

Have there been some changes on the security policy regarding downloadable fonts? Or perhaps MathJax uses enablePrivilege to workaround it?

### Comment 10

5 years ago
> Have there been some changes on the security policy regarding downloadable fonts?

There should not have been, in the checkin range when this bug appeared...

> Or perhaps MathJax uses enablePrivilege to workaround it?

Again, grepping a download of MathJax for enablePrivilege shows nothing over here.  So something weird is going on.

### Comment 11

5 years ago
OH!  I know what happened.  MathJax does all sorts of broken-ass browser sniffing.  And in the case when it doesn't sniff a known browser it falls back to "Oh, just break shit" as opposed to "Oh, use standards stuff".

The patch for bug 757046 effectively removed the code that ended up defining window.netscape.  And MathJax tests for window.netscape as part of its test for "is Firefox".  So now it decides the browser is not Firefox, and falls back to "Oh, just break shit".

I filed https://github.com/mathjax/MathJax/issues/317

### Comment 12

5 years ago
In the short term we may want to put window.netscape back for now, because getting everyone on the web to update MathJax is a pain.

### Comment 13

5 years ago
And in the long term, what MathJax is doing is locking out new browsers and holding back the web...

### Comment 14

5 years ago
OK, I see. So that's the same issue you raised once in the past. MathJax's philosophy is that "it just works" without plugin or font installations. For that purpose it uses fallbacks like Web fonts or images... but ironically, this bad browser sniffing just makes everything fail. I agree with you that MathJax should really focus on newest browsers and remove this image fallback. I'll try to convince Davide.

BTW, people are encouraged to use the MathJax's CDN and most people do that. The upgrade is automatic in that case.

### Comment 15

5 years ago
> I agree with you that MathJax should really focus on newest browsers and remove this
> image fallback.

Well, or make it work.  Or something.

Wikipedia doesn't seem to use the CDN, though I could be wrong about its twisty maze of lazy-loading goop.

### Comment 16

5 years ago
(In reply to Boris Zbarsky (:bz) from comment #11)
> The patch for bug 757046 effectively removed the code that ended up defining
> window.netscape.  And MathJax tests for window.netscape as part of its test
> for "is Firefox".  So now it decides the browser is not Firefox, and falls
> back to "Oh, just break shit".

Boooo web compatibility issue caused by code removal. Let's add it back in, if it isn't too much work.
Assignee: nobody → bobbyholley+bmo
tracking-firefox17: ? → +
tracking-firefox18: ? → +

### Updated

5 years ago
tracking-firefox17: + → ?
tracking-firefox18: + → ?

### Comment 17

5 years ago
OK, Bugzilla, you suck. I did of course not mean to remove the tracking+ flags. But refreshing the page (been open a while) and then hitting "Save changes" to get myself in the CC seems to sometimes change random fields back to previous values. :-\

Alex: I'd put the +'s back, but I can't. Sorry.

### Updated

5 years ago
tracking-firefox17: ? → +
tracking-firefox18: ? → +

### Comment 18

5 years ago
So Davide seems to agree that it's best to use the Web fonts in general rather than the image fallback.

His detection method (for other uses) is now

((window.netscape != null || window.mozPaintCount != null) &&
document.ATTRIBUTE_NODE != null && !window.opera)

### Comment 19

5 years ago
I fully expect ATTRIBUTE_NODE to die one day.  Same with mozPaintCount.

But I'm happy to discuss that over in the MathJax bug.
(Reporter)

### Comment 20

5 years ago
Is there a reliable and standards compliant way to detect firefox?

Why use things like:
((window.netscape != null || window.mozPaintCount != null) &&
document.ATTRIBUTE_NODE != null && !window.opera)

Also, this comment in mathjax tracker is brilliant:

dpvc, what issues is MathJax having to work around in Gecko? Are there bugs filed on them, do you know?

If I can get you to the point where you don't have to keep sniffing for non-standard stuff to detect Gecko, that would be awesome from my point of view. ;)

### Comment 21

5 years ago
(In reply to Boris Zbarsky (:bz) from comment #19)
> I fully expect ATTRIBUTE_NODE to die one day.  Same with mozPaintCount.
>
> But I'm happy to discuss that over in the MathJax bug.

Yes, my comment was really to say that it's maybe not necessary to restore window.netscape, at least if that's only not to break MathJax. The sniffing test will certainly break again in the future, but at least the most serious issue with Web fonts not used when they can won't happen anymore.

### Comment 22

5 years ago
> Yes, my comment was really to say that it's maybe not necessary to restore window.netscape

A minimal requirement for not restoring it is that Wikipedia and the other site reported in this bug not be broken, yes?

Once that happens, we can talk!  ;)

> Is there a reliable and standards compliant way to detect firefox?

Sure, like checking the UA string for "Gecko/".  But usually once you start worrying about "Firefox" as opposed to "specific Firefox versions", you're doing it wrong...
(Assignee)

### Comment 23

5 years ago
Created attachment 665439 [details] [diff] [review]
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1
Attachment #665439 - Flags: review?(bzbarsky)

### Comment 24

5 years ago
Comment on attachment 665439 [details] [diff] [review]
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1

r=me

I wonder whether it makes sense to make the .netscape getter warn about the property being deprecated and about to go away.  Followup on that?
Attachment #665439 - Flags: review?(bzbarsky) → review+
(Assignee)

### Comment 25

5 years ago
(In reply to Boris Zbarsky (:bz) from comment #24)
> Comment on attachment 665439 [details] [diff] [review]
> Temporarily add the |netscape.security| object back in to fix broken browser
> detection. v1
>
> r=me
>
> I wonder whether it makes sense to make the .netscape getter warn about the
> property being deprecated and about to go away.  Followup on that?

bug 794923.
(Assignee)

### Comment 26

5 years ago
Comment on attachment 665439 [details] [diff] [review]
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1

Arg, m-i is closed.

Anyway, flagging for aurora approval per comment 16.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 757046
User impact if declined: web regressions
Testing completed (on m-c, etc.): none
Risk to taking this patch (and alternatives if risky): extremely low risk. Just moving our early return slightly later.
String or UUID changes made by this patch: None
Attachment #665439 - Flags: approval-mozilla-aurora?
(Assignee)

### Comment 27

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/7f49954c2acf

### Comment 28

5 years ago
https://hg.mozilla.org/mozilla-central/rev/7f49954c2acf
Status: NEW → RESOLVED
Last Resolved: 5 years ago
status-firefox18: --- → fixed
Flags: in-testsuite-
Resolution: --- → FIXED
Target Milestone: --- → mozilla18

### Comment 29

5 years ago
Comment on attachment 665439 [details] [diff] [review]
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1

low risk, approving for Aurora uplift.
Attachment #665439 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

### Updated

5 years ago
status-firefox17: --- → affected
(Assignee)

### Comment 30

5 years ago
https://hg.mozilla.org/releases/mozilla-aurora/rev/bd0f8cb6c50b
status-firefox17: affected → fixed

### Comment 31

5 years ago
Math on the Wikipedia page works with MathJax on Fx 17.0b6 20121113065533 Linux-x86_64.
You need to log in before you can comment on or make changes to this bug.