Closed hydrogen602 closed 3 years ago
Thanks for catching this! I didn't realize that <
s and >
s need escaping within attribute quotes. In fact, part of the problem seems to be that HTML allows <
but forbid >
(so outerHTML
includes <
s) while XML allows >
but forbids <
(so <
s are bad in SVG). b108b4e should successfully escape both, at least in my testing. I'll be deploying a fix to the CSAIL server later today; I need to fix some other things first.
FYI, this is now deployed. Let me know if you see any other issues.
Thanks. I found the issue on gather.town, so it might be a while until they update the software.
When using a less than symbol (<) in the latex textbox feature, a faulty svg is produced when downloading the whiteboard as the less than sign is put into a tag property unescaped. This is a snippet of the faulty svg with the unescaped
<
:<tspan data-tex="\frac{x}{n+1}(k-n) < 1" data-display="false" dx="151.14177"> </tspan>
After a bit more testing, I found that the issue can be caused by both
<
and>
, but only if they are in latex mode, i.e.$<$
in a text box will create a problem, but just<
in a textbox, and so not in latex, will be properly escaped.