TeX not rendered

[drdrew42]

https://openlab.citytech.cuny.edu/ol-webwork/#/problem/local/CoordinatePlaneTrig/ratio-inequality-xyr.pg/question-555

This TeX blob is not rendering, perhaps it's an issue with the "less than" symbol? Just a hunch. < appears in what should be the code that renders as TeX.

[boonebgorges]

Here's what I'm seeing:

You're referring to the part that reads \cos(\theta) < 0, correct?

[drdrew42]

Yeah, that's it.

[moui72]

see also #63

[boonebgorges]

Sorry about the delay on this. MathJax is indicating a parse error, which is almost certainly due to the encoded <. But I can't tell where that encoded character came from without some more investigation.

@drdrew42 Could you please share the original source problem with me, in whatever format it's stored in WeBWorK? Could you also please populate a WWDev problem with the same TeX so that I can determine where in the pipeline the < is getting encoded?

[drdrew42]

Okay, I've imported the corresponding problem set: CoordinatePlaneTrig The offending problem is # 4: 'ratio-inequality-xyr.pg' It seems from the code that it's just a string "<" inside TeX delimiters...

%trig = ();
$trig{1}{sin} = "\sin(\theta) > 0";
$trig{1}{cos} = "\cos(\theta) > 0";
$trig{1}{tan} = "\tan(\theta) > 0";

$trig{2}{sin} = "\sin(\theta) > 0";
$trig{2}{cos} = "\cos(\theta) < 0";
$trig{2}{tan} = "\tan(\theta) < 0";

$trig{3}{sin} = "\sin(\theta) < 0";
$trig{3}{cos} = "\cos(\theta) < 0";
$trig{3}{tan} = "\tan(\theta) > 0";

$trig{4}{sin} = "\sin(\theta) < 0";
$trig{4}{cos} = "\cos(\theta) > 0";
$trig{4}{tan} = "\tan(\theta) < 0";

I don't see any alternate methods for encoding a less-than in TeX, or else I'd experiment on my end.

[boonebgorges]

Excellent, thanks! It's almost certainly one of the sanitization routines on my end that's causing the problem. I'll have a look.

[moui72]

@drdrew42 I am curious about the code you pasted. Is it creating webwork-flavored shortcuts for various TeX strings? is it relevant that the strings on the right of the equals are not actually delimited by TeX mathmode delimiters? e.g. $trig{2}{cos} = "\cos(\theta) < 0"; != $trig{2}{cos} = "$\cos(\theta) < 0$";

[drdrew42]

This is just the hash of strings that could appear in the problem based on randomization. In the actual problem text further down, the randomly selected string appears within TeX delimiters. The quadrant for the solution (theta) is known: $quadrant; and a trig function is selected as a secondary piece of information: $givenIneq

[$trig{$quadrant}{$givenIneq}]

[boonebgorges]

I managed to track down the cause of the issue, but it is hard to solve in a targeted way. Essentially: For security reasons, I limit the HTML tags that are allowed in submitted content (where "submitted" means "comes from either a user or from WeBWorK). The library I use for HTML sanitization escapes non-tag-related tag delimiters - that is, < and > - to the corresponding HTML entities < and >. There's no way to disable this behavior, and I can't remove the tag filter.

As a compromise, I've put something in place that explicitly whitelists < and > in LaTeX blocks, just before it's rendered. There are potential security issues with this, but given the TeX language and the way MathJax works, I'm not sure there's a way around it. We will have to trust our users.

[bree-z]

I think this is looking good, but I'm a little afraid to be the final word here. @moui72 would you mind double checking?

Here are the two problems on OLdev:

http://openlabdev.org/webwork-playground/#:problemId=local/CoordinatePlaneTrig/ratio-inequality-xyr-other.pg http://openlabdev.org/webwork-playground/#:problemId=local/CoordinatePlaneTrig/ratio-inequality-xyr.pg

I tested using these WW problems:

http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/4/?effectiveUser=bzuckerman&key=FJzrLBFM0zAv4TXMTp9A1pam96D1CuvL&user=bzuckerman

http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/4/?key=KiFPNaQZ1zB6jj5MM33z9e4YMmNxHsV6&user=student1&effectiveUser=student1

[moui72]

I think it is good

[boonebgorges]

Thanks all :)