From: Ihor Radchenko
To: Max Nikulin
Cc: emacs-orgmode@gnu.org, Martin Edström
Subject: Re: Warn about shell-expansion in the docstring of org-latex-to-html-convert-command
In-Reply-To: <735645dd-1ddf-4579-a6dd-2700f3e83c94@gmail.com>
References: <87wmr1rc2w.fsf@localhost> <874jdzjqkk.fsf@localhost> <6e49c590-ad27-4fb0-b1f2-6a89c60a0b58@gmail.com> <87msrncxhq.fsf@localhost> <735645dd-1ddf-4579-a6dd-2700f3e83c94@gmail.com>
Date: Fri, 08 Mar 2024 11:16:23 +0000
Message-ID: <87jzmdht2w.fsf@localhost>
List-Id: "General discussions about Org-mode."

Max Nikulin writes:

>>> It should be more reliable to pass fragment to command stdin. It can be
>>> done if %i is missed in `org-latex-to-html-convert-command'.
>>
>> I agree that it will be more reliable to shell-escape argument.
>> However, I am concerned that escaping may break certain uses like
>>
>> somecommand << EOF
>> %i
>> EOF
>>
>> In the above scenario, escaping will break things.
>
> It is unsafe to use such command. Variable expansion, etc. is performed
> inside here document blocks. Try
>
> cat << EOF
> \[f(i), \text{where $i \ne 10$}\]
> EOF

I did not know this. Thanks for the info.

> That is why I proposed to use stdin in the case of missed %i.
>
> `org-latex-to-html-convert-command' should be set to something like
> "latexmlc --profile=math --preload=siunitx.sty - 2>/dev/null"
> this case.

I decided not to introduce stdin. User can always use echo %i | ... instead.

>> That's why I prefer to add a new replacement, not change the meaning of
>> %i. We might even remove %i from the docstring, keeping support in the
>> code for backwards-compatibility.
>
> What you call backward compatibility is actually a means to get strange
> results in the case of complex math. It is better to force users to
> update configuration (I hope, it actually will not be necessary) and to
> ensure safe command without pitfalls related to missed parts of equations.

Agree. This breaking change cannot be avoided, unfortunately.
Even stripping quotes is unreliable when we use the example from docstring: 'literal:%i'.
So, we have to bite the bullet.

>> test2.html is rendered *incorrectly* as in the attached screenshot.
>
> Looks like missed inside
> ...

Exporting Org document using

(setq org-html-with-latex 'html)
(setq org-latex-to-html-convert-command "latexmlc 'literal:%i' --profile=math --preload=siunitx.sty 2>/dev/null")

renders just fine, so these caveats appear to be terminal-specific. Not our problem.

Attaching tentative patch that fixes the problem.

Content-Disposition: inline; filename=0001-org-latex-to-mathml-html-convert-command-Prevent-she.patch

>From 34e5e14260cf895b32f13ed8f4c2e50684f91baf Mon Sep 17 00:00:00 2001
Message-ID: <34e5e14260cf895b32f13ed8f4c2e50684f91baf.1709896570.git.yantar92@posteo.net>
From: Ihor Radchenko Date: Fri, 8 Mar 2024 14:05:12 +0300 Subject: [PATCH] org-latex-to-mathml/html-convert-command: Prevent shell expansion * lisp/org.el (org-create-math-formula): (org-format-latex-as-html): Shell-quote LaTeX fragment text when replacing %i placeholder. This prevents shell expansion of $... and similar constructs inside the code. (org-latex-to-mathml-convert-command): (org-latex-to-html-convert-command): Update the docstring. * etc/ORG-NEWS (~org-latex-to-mathml-convert-command~ and ~org-latex-to-html-convert-command~ shell-escape LaTeX code): Announce the breaking change. Reported-by: Max Nikulin Link: https://orgmode.org/list/735645dd-1ddf-4579-a6dd-2700f3e83c94@gmail.com --- etc/ORG-NEWS | 10 ++++++++++ lisp/org.el | 17 ++++++----------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/etc/ORG-NEWS b/etc/ORG-NEWS index abe62daaf..9f628bc10 100644 --- a/etc/ORG-NEWS +++ b/etc/ORG-NEWS @@ -13,6 +13,16 @@ Please send Org bug reports to mailto:emacs-orgmode@gnu.org. * Version 9.7 (not released yet) ** Important announcements and breaking changes +*** ~org-latex-to-mathml-convert-command~ and ~org-latex-to-html-convert-command~ shell-escape LaTeX code + +Previously, ~org-latex-to-mathml-convert-command~ and +~org-latex-to-html-convert-command~ replaced %i placeholders with raw +LaTeX fragment text, potentially triggered shell-expansion. + +Now, the %i placeholders are shell-escaped to prevent shell expansion - this will prevent. + +The existing customizations that assume no shell-escaping must be updated. + *** When ~org-link-file-path-type~ is a function, its argument is now a filename as it is read by ~org-insert-link~; not an absolute path Previously, when ~org-link-file-path-type~ is set to a function, the diff --git a/lisp/org.el b/lisp/org.el index 33d90506b..a00d50c51 100644 --- a/lisp/org.el +++ b/lisp/org.el 
@@ -3246,7 +3246,7 @@ (defcustom org-latex-to-mathml-convert-command nil %j: Executable file in fully expanded form as specified by `org-latex-to-mathml-jar-file'. %I: Input LaTeX file in fully expanded form. -%i: The latex fragment to be converted. +%i: Shell-escaped LaTeX fragment to be converted. %o: Output MathML file. This command is used by `org-create-math-formula'. @@ -3255,7 +3255,7 @@ (defcustom org-latex-to-mathml-convert-command nil \"java -jar %j -unicode -force -df %o %I\". When using LaTeXML set this option to -\"latexmlmath \"%i\" --presentationmathml=%o\"." +\"latexmlmath %i --presentationmathml=%o\"." :group 'org-latex :version "24.1" :type '(choice @@ -3268,15 +3268,10 @@ (defcustom org-latex-to-html-convert-command nil directly replace the LaTeX fragment in the resulting HTML. Replace format-specifiers in the command as noted below and use `shell-command' to convert LaTeX to HTML. -%i: The LaTeX fragment to be converted. +%i: The LaTeX fragment to be converted (shell-escaped). For example, this could be used with LaTeXML as -\"latexmlc \\='literal:%i\\=' --profile=math --preload=siunitx.sty 2>/dev/null\". - -The LaTeX fragment is replaced as is, without escaping special shell -syntax. It may be necessary to use single-quotes around \\='%i\\=', not -double-quotes. Else a math fragment such as \"$y = 200$\" may be -expanded to \" = 200\"." +\"latexmlc literal:%i --profile=math --preload=siunitx.sty 2>/dev/null\"." :group 'org-latex :package-version '(Org . "9.4") :type '(choice @@ -16210,7 +16205,7 @@ (defun org-create-math-formula (latex-frag &optional mathml-file) (expand-file-name org-latex-to-mathml-jar-file)))) (?I . ,(shell-quote-argument tmp-in-file)) - (?i . ,latex-frag) + (?i . ,(shell-quote-argument latex-frag)) (?o . ,(shell-quote-argument tmp-out-file))))) mathml shell-command-output) (when (called-interactively-p 'any) 
@@ -16277,7 +16272,7 @@ (defun org-format-latex-as-html (latex-fragment) "Convert LATEX-FRAGMENT to HTML. This uses `org-latex-to-html-convert-command', which see." (let ((cmd (format-spec org-latex-to-html-convert-command - `((?i . ,latex-fragment))))) + `((?i . ,(shell-quote-argument latex-fragment)))))) (message "Running %s" cmd) (shell-command-to-string cmd))) -- 2.43.0 --=-=-= Content-Type: text/plain -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at . Support Org development at , or support my work at --=-=-=--
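Review bot: in the etc/ORG-NEWS hunk the sentence "Now, the %i placeholders are shell-escaped to prevent shell expansion - this will prevent." is cut off mid-sentence, and "potentially triggered shell-expansion" should read "potentially triggering shell expansion". Suggest finishing the sentence with the consequence the commit message already states ("so $... and similar constructs inside the fragment are no longer expanded by the shell") and making the last paragraph concrete: customizations that wrapped %i in quotes, as the old docstring examples \"%i\" and \\='literal:%i\\=' did, must drop those quotes, because `shell-quote-argument' now supplies the quoting and an extra layer of quotes changes the text the converter receives.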
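Review bot: in the lisp/org.el hunk at @@ -3268 the placeholder is described as "The LaTeX fragment to be converted (shell-escaped)" while the hunk at @@ -3246 says "Shell-escaped LaTeX fragment to be converted"; use one wording in both docstrings. The deleted paragraph about \"$y = 200$\" was the only place that told users how quoting interacts with %i; replace it with a single sentence saying that %i must not be wrapped in quotes by the user since the value already goes through `shell-quote-argument', otherwise someone migrating from the old \\='literal:%i\\=' example gets no hint why the quotes vanished from the new one.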
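Review bot: the hunk at @@ -16277 changes user-visible behaviour in one line but ships without a test; suggest a regression test that sets `org-latex-to-html-convert-command' to a command that echoes its argument (the "echo %i" form mentioned earlier in this thread) and asserts that a fragment containing $y = 200$ comes back intact, which is exactly the failure the deleted docstring paragraph at @@ -3268 described. The same test shape covers the mathml hunk at @@ -16210 with `org-latex-to-mathml-convert-command'.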
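As an added illustration of the three situations discussed in this thread (not code from the email or from the Org patch): a POSIX sh script that emulates Org's textual %i substitution followed by handing the string to a shell, as shell-command-to-string does. shell_quote, run_template and the two printf templates are constructed for the demo; shell_quote approximates the backslash style that Emacs's shell-quote-argument uses on Unix and handles single-line fragments only.

```shell
#!/bin/sh
# Added example, not part of Org: emulate "replace %i, then run the
# string in a shell" to show why an unescaped fragment is mangled and
# why the escaped form must not be wrapped in a second layer of quotes.

# Approximation of Emacs's shell-quote-argument on Unix: every character
# outside [-0-9a-zA-Z_./] gets a backslash (single-line input only).
shell_quote() {
  printf '%s' "$1" | sed 's|[^-0-9a-zA-Z_./]|\\&|g'
}

# Replace the first %i in template $1 with $2 without re-interpreting $2,
# then run the result in a fresh sh (like shell-command-to-string).
run_template() {
  template=$1; value=$2
  cmd="${template%%"%i"*}${value}${template#*"%i"}"
  unset y   # make sure the demo variable is not set in the environment
  sh -c "$cmd"
}

# Constructed fragment from the old docstring: the shell sees $y as a variable.
FRAG='$y = 200$'
# Each printf argument is printed inside [] so word splitting is visible.
TEMPLATE="printf '[%s]' literal:%i"          # new docstring style, bare %i
OLD_TEMPLATE="printf '[%s]' 'literal:%i'"    # old docstring style, quoted %i

raw_substitution()     { run_template "$TEMPLATE" "$FRAG"; }                       # pre-patch
escaped_substitution() { run_template "$TEMPLATE" "$(shell_quote "$FRAG")"; }     # post-patch
double_quoted()        { run_template "$OLD_TEMPLATE" "$(shell_quote "$FRAG")"; } # stale config

printf 'raw:     %s\n' "$(raw_substitution)"      # raw:     [literal:][=][200$]
printf 'escaped: %s\n' "$(escaped_substitution)"  # escaped: [literal:$y = 200$]
printf 'double:  %s\n' "$(double_quoted)"         # double:  [literal:\$y\ \=\ 200\$]
```

The raw case loses `$y` and splits the fragment into three words; the escaped case delivers the fragment intact as one word; keeping the old single quotes around %i turns the escaping backslashes into literal text, which is the breakage the ORG-NEWS entry warns about.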