MathML 4 extensions for alignment and possible deprecation of <maligngroup/> and <malignmark/> #181
Comments
NSoiffer
added
compatibility
fred-wang
removed
the
need resolution
|
Hello. I was looking for an appropriate issue to attach a recent piece of news I spotted, and since this issue discusses Summarized as:
This might be relevant if you're searching for additional reasons for deprecation. |
|
Kind of weird that it is mglyph and malignmark and not maligngroup. I read
the link and there was no hint as to why those two and not maligngroup or
any other element with empty content.
…On Fri, Oct 9, 2020 at 4:02 PM Deyan Ginev ***@***.***> wrote:
Hello. I was looking for an appropriate issue to attach a recent piece of
news I spotted, and since this issue discusses malignmark, it seems
appropriate. There is a recent post about bypassing the sanitization of
DOMPurify through an abuse of parsing MathML in HTML, details here:
https://portswigger.net/daily-swig/dompurify-mutation-xss-bypass-achieved-through-mathml-namespace-confusion
Summarized as:
In the MathML namespace, two special elements – mglyph and malignmark –
allow the creation of a markup that is “in HTML namespace, but on reparsing
it is in MathML namespace, [meaning that] the subsequent style tag [is]
parsed differently and leading to XSS,” the researcher explained.
This might be relevant if you're searching for additional reasons for
deprecation.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#181 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AALZM3HME3RMGCKAY6HMDXTSJ6JBXANCNFSM4KCGBEGA>
.
|
|
On Thu, 15 Oct 2020 at 21:41, NSoiffer ***@***.***> wrote:
Kind of weird that it is mglyph and malignmark and not maligngroup. I read
the link and there was no hint as to why those two and not maligngroup or
any other element with empty content.
maligngroup is only used in mathml containers like mrow so is not a problem.
mglyph is allowed in token elements and in a mathml-in-html elements token
elements are the entry point for _html_ so most elements inside an <mtext>
are html elements except for those two which stay in the mathml namespace.
…
On Fri, Oct 9, 2020 at 4:02 PM Deyan Ginev ***@***.***>
wrote:
> Hello. I was looking for an appropriate issue to attach a recent piece of
> news I spotted, and since this issue discusses malignmark, it seems
> appropriate. There is a recent post about bypassing the sanitization of
> DOMPurify through an abuse of parsing MathML in HTML, details here:
>
>
https://portswigger.net/daily-swig/dompurify-mutation-xss-bypass-achieved-through-mathml-namespace-confusion
>
> Summarized as:
>
> In the MathML namespace, two special elements – mglyph and malignmark –
> allow the creation of a markup that is “in HTML namespace, but on
reparsing
> it is in MathML namespace, [meaning that] the subsequent style tag [is]
> parsed differently and leading to XSS,” the researcher explained.
>
> This might be relevant if you're searching for additional reasons for
> deprecation.
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <
#181 (comment)
>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AALZM3HME3RMGCKAY6HMDXTSJ6JBXANCNFSM4KCGBEGA
>
> .
>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#181 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJVYAXNEM475TJ2U7M7XXDSK5M6FANCNFSM4KCGBEGA>
.
|
|
Thanks for the explanation -- that makes sense.
|
|
the schema has been updated to restrict use of malignmark, and to remove grouplaign attribute except in legacy schema |
|
The group tentatively agreed that these are no longer needed: they aren't implemented in browsers and are rarely generated. The main use is to get alignment right at the character level (e.g., decimal alignment). @davidcarlisle pointed out that there is a Unicode space character (U+2007) that is meant to be the width of a digit and that this can be used as padding to get decimal alignment to work. I pointed out that with intent table properties, the accessibility problem of splitting equations across columns goes away. This section (which is somewhat simplified from MathML 3) still is quite large, so removing this would be a good simplification to the spec and help align it with it. @MurrayIII currently uses |
|
For the equation
Word copies the following MathML |
|
Reformatted the above MathML to be more readable: This makes it easier to see the |
|
If I change that example to 103 rather than 13, so the expressions have different lengths that renders (in Edge here) as
So there is no alignment at all visually (similarly in firefox) If I add to get mathjax rendering it still doesn't align:
|
|
Here is a Nov 2024, Chrome workaround for that example using https://codepen.io/dginev/pen/XWvGEEZ
|
|
@dginev ooh scary, I can confirm that works (and essentially works the same way in HTML table markup) So the containing box for a table cell for the purpose of float positioning is the implicit column box? I tried to navigate mdn or the css specs to find a clear statement on what's supposed to happen if you apply |
Indeed, just finding things that work by analogy with HTML. |
|
yes right aligning a div in its container with float:right is clear enough but It had never occurred to me you could apply it to a table cell or where it would float to if you did. It's clearly legal (as I found documentation that using float implicitly changes the table-cell display property to block) but I couldn't find a clear description of what happens. Nice example in any case |
|
with firefox it seems I just need firefox
edge
|
|
Can someone with Safari verify @davidcarlisle's solution works on Safari? If so, it seems like there is a reasonable solution for dealing with Word's output and we can simplify the MathML full spec and get it in closer agreement to core. Given this solution, it seems highly unlikely even this scaled down version of |
|
Here is the output from firefox (left) and safari on the right: 
|
thanks |
|
@NSoiffer so looks like it basically works in chrome based browsers., firefox and Safari |
Having just implemented a polyfill for elementary math, that got me thinking about some related ideas:
mlongdiv, butmstack).There are a few complications such as decimal alignment of the coefficients:
Note that alignment requires knowing what characters/operators act as column separators (e.g.,
+and-, along with=and a few other relational operators). These would be inside ofmoelements, so potentially anymoelement could be a separator, or maybe an attribute specifies what the separators are (something to think about/discuss).The above example is taken from the MathML 3 spec for
maligngroupandmalignmark. I think only MathPlayer ever implemented those elements and I suspect that you can count on your fingers the number of times they have been used. It is a very complicated feature to implement and to use. In contrast, I think the above features are an incremental extension to elementary math layout, so implementation (especially via an extension to the polyfill I wrote), means that supporting these features would be universal (assuming I or someone else extended the polyfill). Just as important, using this extension would be simple as it is a declarative notation that doesn't require modifying the generated layout other than at a high level (wrapping withmstackormlongdiv). It would be less powerful though.I suspect that this proposed extension to elementary math handles the large majority of cases where people play games with tables to achieve alignment, both in MathML and in TeX. @davidcarlisle: do you have any estimate of how many uses of table for alignment in TeX would be covered by this proposed extension? What are some of the cases that are missed by it?
The text was updated successfully, but these errors were encountered: