org-latex-to-mathml/html-convert-command: Prevent shell expansion

* lisp/org.el (org-create-math-formula):
(org-format-latex-as-html): Shell-quote LaTeX fragment text when
replacing %i placeholder.  This prevents shell expansion of
$... and similar constructs inside the code.
(org-latex-to-mathml-convert-command):
(org-latex-to-html-convert-command): Update the docstring.
* etc/ORG-NEWS (~org-latex-to-mathml-convert-command~ and
~org-latex-to-html-convert-command~ shell-escape LaTeX code): Announce
the breaking change.
* doc/org-manual.org (LaTeX math snippets): Update example.

Reported-by: Max Nikulin <manikulin@gmail.com>
Link: https://orgmode.org/list/735645dd-1ddf-4579-a6dd-2700f3e83c94@gmail.com
Ihor Radchenko 2024-03-08 14:05:12 +03:00
parent 1d86651bef
commit a698d073a1
GPG Key ID: 6470762A7DA11D8B
3 changed files with 25 additions and 12 deletions


@ -15177,7 +15177,7 @@ document in one of the following ways:
#+begin_src emacs-lisp #+begin_src emacs-lisp
(setq org-latex-to-mathml-convert-command (setq org-latex-to-mathml-convert-command
"latexmlmath \"%i\" --presentationmathml=%o") "latexmlmath %i --presentationmathml=%o")
#+end_src #+end_src
To quickly verify the reliability of the LaTeX-to-MathML To quickly verify the reliability of the LaTeX-to-MathML
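Review bot: The manual example loses its quotes around %i here, but nothing in the visible text of this section tells the reader why. A reader comparing this with an older copy of the manual, or with their own init file, has no hint that %i is now shell-escaped by Org. Suggest one sentence next to the example stating that %i is inserted already shell-escaped and must not be wrapped in single or double quotes.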


@ -13,6 +13,20 @@ Please send Org bug reports to mailto:emacs-orgmode@gnu.org.
* Version 9.7 (not released yet) * Version 9.7 (not released yet)
** Important announcements and breaking changes ** Important announcements and breaking changes
*** ~org-latex-to-mathml-convert-command~ and ~org-latex-to-html-convert-command~ may need to be adjusted
Previously, =%i= placeholders in the
~org-latex-to-mathml-convert-command~ and
~org-latex-to-html-convert-command~ user options were replaced with
raw LaTeX fragment text, potentially triggering shell-expansion and
incorrect result.
Now, the =%i= placeholders are shell-escaped to prevent shell
expansion.
If you have single or double quotes around =%i= then update
customizations and remove quotes.
*** Org mode faces are now consistently combined, with markup faces taking precedence over the containing element faces *** Org mode faces are now consistently combined, with markup faces taking precedence over the containing element faces
Previously, fontification of inline source blocks, macros, footnotes, Previously, fontification of inline source blocks, macros, footnotes,
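Review bot: The new NEWS entry tells users to "remove quotes" but gives no before/after command and does not say what happens if the quotes stay. The docstrings in this same patch call that case undefined, so the entry should say so, and should show the LaTeXML value with "%i" in quotes next to the unquoted form so users can recognise an affected customization. Wording nits in the added lines: "incorrect result" reads better as "incorrect results", and "then update customizations and remove quotes" as "update your customizations and remove the quotes".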


@ -3266,7 +3266,9 @@ Replace format-specifiers in the command as noted below and use
%j: Executable file in fully expanded form as specified by %j: Executable file in fully expanded form as specified by
`org-latex-to-mathml-jar-file'. `org-latex-to-mathml-jar-file'.
%I: Input LaTeX file in fully expanded form. %I: Input LaTeX file in fully expanded form.
%i: The latex fragment to be converted. %i: Shell-escaped LaTeX fragment to be converted.
It must not be used inside a quoted argument, the result of %i
expansion inside a quoted argument is undefined.
%o: Output MathML file. %o: Output MathML file.
This command is used by `org-create-math-formula'. This command is used by `org-create-math-formula'.
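Review bot: The %i entry is now labelled "Shell-escaped" while %I and %o are not, although the alist in org-create-math-formula further down passes both through shell-quote-argument as well. Either describe all three the same way or add one sentence after the list saying that every file and fragment placeholder is inserted shell-quoted. The added sentence "It must not be used inside a quoted argument, the result of %i expansion inside a quoted argument is undefined." is also a comma splice; split it into two sentences or join with a semicolon.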
@ -3275,7 +3277,7 @@ When using MathToWeb as the converter, set this option to
\"java -jar %j -unicode -force -df %o %I\". \"java -jar %j -unicode -force -df %o %I\".
When using LaTeXML set this option to When using LaTeXML set this option to
\"latexmlmath \"%i\" --presentationmathml=%o\"." \"latexmlmath %i --presentationmathml=%o\"."
:group 'org-latex :group 'org-latex
:version "24.1" :version "24.1"
:type '(choice :type '(choice
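Review bot: The defcustom keeps :version "24.1" and gains no :package-version, even though the meaning of %i changes in a way that breaks existing values. Adding :package-version '(Org . "9.7") alongside the docstring update would make Customize flag the option as changed in the release that the NEWS entry names.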
@ -3288,15 +3290,12 @@ This command is very open-ended: the output of the command will
directly replace the LaTeX fragment in the resulting HTML. directly replace the LaTeX fragment in the resulting HTML.
Replace format-specifiers in the command as noted below and use Replace format-specifiers in the command as noted below and use
`shell-command' to convert LaTeX to HTML. `shell-command' to convert LaTeX to HTML.
%i: The LaTeX fragment to be converted. %i: The LaTeX fragment to be converted (shell-escaped).
It must not be used inside a quoted argument, the result of %i
expansion inside a quoted argument is undefined.
For example, this could be used with LaTeXML as For example, this could be used with LaTeXML as
\"latexmlc \\='literal:%i\\=' --profile=math --preload=siunitx.sty 2>/dev/null\". \"latexmlc literal:%i --profile=math --preload=siunitx.sty 2>/dev/null\"."
The LaTeX fragment is replaced as is, without escaping special shell
syntax. It may be necessary to use single-quotes around \\='%i\\=', not
double-quotes. Else a math fragment such as \"$y = 200$\" may be
expanded to \" = 200\"."
:group 'org-latex :group 'org-latex
:package-version '(Org . "9.4") :package-version '(Org . "9.4")
:type '(choice :type '(choice
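Review bot: The rewritten docstring drops the paragraph that explained the failure mode with the "$y = 200$" example and now only says the quoted case is "undefined". Keeping one sentence of rationale, for instance that the escaping exists so the shell does not expand "$y" in a fragment, would help users understand why their old quoted value no longer works. The %i wording also differs from the MathML option ("(shell-escaped)" suffix here, "Shell-escaped" prefix there), and :package-version still reads 9.4; both are worth aligning in this change.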
@ -16350,7 +16349,7 @@ inspection."
(expand-file-name (expand-file-name
org-latex-to-mathml-jar-file)))) org-latex-to-mathml-jar-file))))
(?I . ,(shell-quote-argument tmp-in-file)) (?I . ,(shell-quote-argument tmp-in-file))
(?i . ,latex-frag) (?i . ,(shell-quote-argument latex-frag))
(?o . ,(shell-quote-argument tmp-out-file))))) (?o . ,(shell-quote-argument tmp-out-file)))))
mathml shell-command-output) mathml shell-command-output)
(when (called-interactively-p 'any) (when (called-interactively-p 'any)
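Review bot: Wrapping latex-frag in shell-quote-argument at the ?i entry is correct, but there is no guard for commands that still quote the placeholder. The previously documented LaTeXML value put %i inside double quotes, so existing configurations will keep running and pass an escaped fragment inside a quoted argument without any signal to the user. Consider checking the command string for a quote character enclosing %i before calling format-spec and emitting a warning that points at the NEWS entry.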
@ -16418,7 +16417,7 @@ inspection."
"Convert LATEX-FRAGMENT to HTML. "Convert LATEX-FRAGMENT to HTML.
This uses `org-latex-to-html-convert-command', which see." This uses `org-latex-to-html-convert-command', which see."
(let ((cmd (format-spec org-latex-to-html-convert-command (let ((cmd (format-spec org-latex-to-html-convert-command
`((?i . ,latex-fragment))))) `((?i . ,(shell-quote-argument latex-fragment))))))
(message "Running %s" cmd) (message "Running %s" cmd)
(shell-command-to-string cmd))) (shell-command-to-string cmd)))
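Review bot: The quoting change in org-format-latex-as-html ships without a regression test; the commit summary lists three changed files and none of them is a test file. A small test that sets org-latex-to-html-convert-command to a command that echoes %i back and asserts that a fragment such as "$y = 200$" is returned unchanged would pin the behaviour described in the commit message. Note also that the old documented value opened its quote before "literal:" rather than directly before %i, so any check for legacy quoting needs to look for an enclosing quote, not only an adjacent one.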