Closed
Bug 791526
Opened 12 years ago
Closed 12 years ago
MathJax seems to fail on some (not all!) sites due to enablePrivilege removal
Categories
(Core :: Security: CAPS, defect)
Tracking
()
RESOLVED
FIXED
mozilla18
People
(Reporter: fuxx, Assigned: bholley)
References
(Blocks 1 open bug)
Details
(Keywords: regression)
Attachments
(2 files)
60.85 KB,
image/png
|
Details | |
2.70 KB,
patch
|
bzbarsky
:
review+
lsblakk
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:18.0) Gecko/18.0 Firefox/18.0
Build ID: 20120915201302
Steps to reproduce:
Installed Nightly 64 bit, then opened https://www.edx.org/courses/MITx/6.002x/2012_Fall/courseware/Week_1/Circuit_Analysis_Toolchest/
Actual results:
All the math was displayed as [Math Processing Error] in red
Expected results:
Math should have displayed properly
This webpage is surely private, I can't access. Can you provide a public page, please?
Reporter | ||
Comment 2•12 years ago
|
||
Erm... The math is broken everywhere. You can open any wikipedia page with math,i.e. http://en.wikipedia.org/wiki/Simple_linear_regression and you will see math processing error.
Just don't forget to switch wikipedia math rendering to "MathJax (experimental; best for most browsers)".
Comment 3•12 years ago
|
||
Reproduced at the Wikipedia page with Nightly 18.0a1 20120918030553 Linux x86_64.
Works with 16.0b2.
OS: Windows 7 → All
I reproduced too. There is this error in the console:
Error: TypeError: MathJax.InputJax.TeX.Definitions.macros is undefined
Source File: http://bits.wikimedia.org/static-1.20wmf11/extensions/Math/modules/MathJax/jax/output/HTML-CSS/jax.js
Line: 15
Mozregression range:
m-c
good=2012-08-23
bad=2012-08-24
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5650196a8c7d&tochange=1c0ac073dc65
The changelog is pretty huge, bissecting needed.
Status: UNCONFIRMED → NEW
tracking-firefox17:
--- → ?
tracking-firefox18:
--- → ?
Ever confirmed: true
Keywords: regression,
regressionwindow-wanted
Version: 18 Branch → 17 Branch
Comment 5•12 years ago
|
||
Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/16e1ff49a6a5
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17 Firefox/17.0a1 ID:20120823114047
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/c1e3da499d87
Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17 Firefox/17.0a1 ID:20120823114645
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=16e1ff49a6a5&tochange=c1e3da499d87
Suspected : Bug 757046
Comment 7•12 years ago
|
||
That's somewhat odd. I see no mention of enablePrivilege in the MathJAX source code. And the examples at http://www.mathjax.org/demos/tex-samples/ work fine for me in a nightly...
Updated•12 years ago
|
Summary: Mathml is not processing, getting [Math Processing Error] in all math → MathJax seems to fail on some (not all!) sites due to enablePrivilege removal
Comment 8•12 years ago
|
||
I will try to check if I can reproduce this bug and report it to the MathJax team.
Probably not related, but see this issue on the MathJax tracker:
https://github.com/mathjax/MathJax/issues/256
Comment 9•12 years ago
|
||
OK, I've just tried with a fresh nightly build. First I didn't get the errors on the page mentioned in comment 2 with local fonts installed. But when I uninstall the MathJax fonts, I get
"Can't find a valid font using [TeX]"
and after a moment, the [Math Processing Error] errors appear. On mathjax.org, I don't get the errors but STIX fonts are used instead. Also, I don't have the errors with the MathML or SVG output modes.
So I suspect the problem is with downloadable fonts. When the MathJax fonts are not installed on your system and the Website is not configured to fallback to STIX or image fonts (apparently that's the case in Wikipedia), then you get the [Math Processing Error].
Have there been some changes on the security policy regarding downloadable fonts? Or perhaps MathJax uses enablePrivilege to workaround it?
Comment 10•12 years ago
|
||
> Have there been some changes on the security policy regarding downloadable fonts?
There should not have been, in the checkin range when this bug appeared...
> Or perhaps MathJax uses enablePrivilege to workaround it?
Again, grepping a download of MathJax for enablePrivilege shows nothing over here. So something weird is going on.
Comment 11•12 years ago
|
||
OH! I know what happened. MathJax does all sorts of broken-ass browser sniffing. And in the case when it doesn't sniff a known browser it falls back to "Oh, just break shit" as opposed to "Oh, use standards stuff".
The patch for bug 757046 effectively removed the code that ended up defining window.netscape. And MathJax tests for window.netscape as part of its test for "is Firefox". So now it decides the browser is not Firefox, and falls back to "Oh, just break shit".
I filed https://github.com/mathjax/MathJax/issues/317
Comment 12•12 years ago
|
||
In the short term we may want to put window.netscape back for now, because getting everyone on the web to update MathJax is a pain.
Comment 13•12 years ago
|
||
And in the long term, what MathJax is doing is locking out new browsers and holding back the web...
Comment 14•12 years ago
|
||
OK, I see. So that's the same issue you raised once in the past. MathJax's philosophy is that "it just works" without plugin or font installations. For that purpose it uses fallbacks like Web fonts or images... but ironically, this bad browser sniffing just makes everything fail. I agree with you that MathJax should really focus on newest browsers and remove this image fallback. I'll try to convince Davide.
BTW, people are encouraged to use the MathJax's CDN and most people do that. The upgrade is automatic in that case.
Comment 15•12 years ago
|
||
> I agree with you that MathJax should really focus on newest browsers and remove this
> image fallback.
Well, or make it work. Or something.
Wikipedia doesn't seem to use the CDN, though I could be wrong about its twisty maze of lazy-loading goop.
Comment 16•12 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #11)
> The patch for bug 757046 effectively removed the code that ended up defining
> window.netscape. And MathJax tests for window.netscape as part of its test
> for "is Firefox". So now it decides the browser is not Firefox, and falls
> back to "Oh, just break shit".
Boooo web compatibility issue caused by code removal. Let's add it back in, if it isn't too much work.
Updated•12 years ago
|
Comment 17•12 years ago
|
||
OK, Bugzilla, you suck. I did of course not mean to remove the tracking+ flags. But refreshing the page (been open a while) and then hitting "Save changes" to get myself in the CC seems to sometimes change random fields back to previous values. :-\
Alex: I'd put the +'s back, but I can't. Sorry.
Updated•12 years ago
|
Comment 18•12 years ago
|
||
So Davide seems to agree that it's best to use the Web fonts in general rather than the image fallback.
His detection method (for other uses) is now
((window.netscape != null || window.mozPaintCount != null) &&
document.ATTRIBUTE_NODE != null && !window.opera)
Comment 19•12 years ago
|
||
I fully expect ATTRIBUTE_NODE to die one day. Same with mozPaintCount.
But I'm happy to discuss that over in the MathJax bug.
Reporter | ||
Comment 20•12 years ago
|
||
Is there a reliable and standards compliant way to detect firefox?
Why use things like:
((window.netscape != null || window.mozPaintCount != null) &&
document.ATTRIBUTE_NODE != null && !window.opera)
Also, this comment in mathjax tracker is brilliant:
dpvc, what issues is MathJax having to work around in Gecko? Are there bugs filed on them, do you know?
If I can get you to the point where you don't have to keep sniffing for non-standard stuff to detect Gecko, that would be awesome from my point of view. ;)
Comment 21•12 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #19)
> I fully expect ATTRIBUTE_NODE to die one day. Same with mozPaintCount.
>
> But I'm happy to discuss that over in the MathJax bug.
Yes, my comment was really to say that it's maybe not necessary to restore window.netscape, at least if that's only not to break MathJax. The sniffing test will certainly break again in the future, but at least the most serious issue with Web fonts not used when they can won't happen anymore.
Comment 22•12 years ago
|
||
> Yes, my comment was really to say that it's maybe not necessary to restore window.netscape
A minimal requirement for not restoring it is that Wikipedia and the other site reported in this bug not be broken, yes?
Once that happens, we can talk! ;)
> Is there a reliable and standards compliant way to detect firefox?
Sure, like checking the UA string for "Gecko/". But usually once you start worrying about "Firefox" as opposed to "specific Firefox versions", you're doing it wrong...
Assignee | ||
Comment 23•12 years ago
|
||
Attachment #665439 -
Flags: review?(bzbarsky)
Comment 24•12 years ago
|
||
Comment on attachment 665439 [details] [diff] [review]
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1
r=me
I wonder whether it makes sense to make the .netscape getter warn about the property being deprecated and about to go away. Followup on that?
Attachment #665439 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 25•12 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #24)
> Comment on attachment 665439 [details] [diff] [review]
> Temporarily add the |netscape.security| object back in to fix broken browser
> detection. v1
>
> r=me
>
> I wonder whether it makes sense to make the .netscape getter warn about the
> property being deprecated and about to go away. Followup on that?
bug 794923.
Assignee | ||
Comment 26•12 years ago
|
||
Comment on attachment 665439 [details] [diff] [review]
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1
Arg, m-i is closed.
Anyway, flagging for aurora approval per comment 16.
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 757046
User impact if declined: web regressions
Testing completed (on m-c, etc.): none
Risk to taking this patch (and alternatives if risky): extremely low risk. Just moving our early return slightly later.
String or UUID changes made by this patch: None
Attachment #665439 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 27•12 years ago
|
||
Comment 28•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox18:
--- → fixed
Flags: in-testsuite-
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Comment 29•12 years ago
|
||
Comment on attachment 665439 [details] [diff] [review]
Temporarily add the |netscape.security| object back in to fix broken browser detection. v1
low risk, approving for Aurora uplift.
Attachment #665439 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•12 years ago
|
status-firefox17:
--- → affected
Assignee | ||
Comment 30•12 years ago
|
||
Comment 31•12 years ago
|
||
Math on the Wikipedia page works with MathJax on Fx 17.0b6 20121113065533 Linux-x86_64.
You need to log in
before you can comment on or make changes to this bug.
Description
•