Description
PR #937 is looking into making the MathJax version customizable. In the meantime, the template files reference the version hosted at https://mathjax.rstudio.com/latest/. Currently this is MathJax.js 2.7.2. Versions prior to 2.7.4 contain an XSS vulnerability (CVE-2018-1999024).
There's also an issue open to patch the embedded version in RStudio.
A simple way to patch this issue would be to update the src in the gitbook (and bs4) templates to point to another source to ensure that the resulting webpages are pulling the latest version of the 2.7.x family, such as: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js?config=TeX-MML-AM_CHTML
Other than the fact that bookdown is maintained by RStudio, is there a particular reason for pointing to https://mathjax.rstudio.com/latest/?
If not, I'm happy to open a PR and make the updates.
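A check that follows from the report above, added here as an example (not part of the original issue and not bookdown's own code): it scans rendered HTML for MathJax script URLs and flags any pinned below 2.7.4 or not pinned to an exact version. The function names and the sample HTML are constructed for illustration; the check reads only the URL and does not fetch the hosted file.

```python
import re
from html.parser import HTMLParser

FIXED_IN = (2, 7, 4)  # per the issue: versions prior to 2.7.4 are affected

# Matches an exact x.y.z right after "mathjax/", "mathjax@" or "mathjax-"
VERSION_RE = re.compile(r"mathjax[/@-]v?(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


class _ScriptSrcCollector(HTMLParser):
    """Collect src attributes of <script> tags that mention MathJax."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src and "mathjax" in src.lower():
            self.sources.append(src)


def classify(src):
    """Return 'unpinned', 'vulnerable' or 'ok' for one MathJax script URL."""
    m = VERSION_RE.search(src)
    if m is None:
        return "unpinned"  # e.g. .../latest/: no exact version in the URL
    version = tuple(int(part) for part in m.groups())
    return "vulnerable" if version < FIXED_IN else "ok"


def audit(html):
    """Return (src, status) for every MathJax script tag found in html."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    return [(src, classify(src)) for src in collector.sources]


# Constructed sample: three script tags as they might appear in rendered pages
SAMPLE = """<head>
<script src="https://mathjax.rstudio.com/latest/MathJax.js?config=TeX-MML-AM_CHTML"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/MathJax.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js?config=TeX-MML-AM_CHTML"></script>
</head>"""

if __name__ == "__main__":
    for src, status in audit(SAMPLE):
        print(f"{status:10} {src}")
```

An `unpinned` result means the served version depends on whatever the host currently publishes, so it has to be checked against the file itself rather than the URL.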