Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32

  Click here to go to the first staff post in this thread.   Thread: PDF Support?

  1. #21
    Eh, I'll consider it, but I do consider it a kinda sub-par solution.

  2. #22
    Regular Fibriel Solaer's Avatar
    Weasyl
    FibS
    Join Date
    Oct 2013
    Gender
    Male
    Posts
    55
    I'm a bit late, but the PDF format became a royalty-free open standard in 2008, so there should be no legal barrier to its inclusion.

    However, PDF files are a security issue primarily due to vulnerabilities in Acrobat / Reader and a PDF's ability to contain JavaScript. The precise vulnerabilities vary as Adobe struggles to keep fixing them.

    In conclusion I concur with the concept of adding LaTeX support directly if possible and thus bypassing the technical and security issues with PDF completely.



    As a potential compromise, what if limited HTML and CSS were allowed in text submissions? Alignment, margin, divs, that sort of thing. An awful lot can be done with just that, and a basic checker would ensure that all tags that are opened are closed and vice versa to avoid exploits.

    Oh and the server would have to include the user's CSS with its own in a specific order to keep users from interfering with site functionality by changing already defined classes.

  3.   Click here to go to the next staff post in this thread.   #23
    Technically Staff charmander's Avatar
    Weasyl
    charmander
    Join Date
    Sep 2013
    Location
    Kanto
    Posts
    38
    Markdown will allow for limited HTML and CSS – but I imagine it’s more limited than what you had in mind. A safe system, however, is much more difficult than changing the order of CSS rules. Even <style scoped> wouldn’t block the most dangerous things one can do with the right CSS; it would take framing a page. Not a bad idea, but HTML wasn’t one of the formats listed previously.

    pdf.js is a good idea.

    LaTeX support is unlikely on account of

    • Us not necessarily having the packages you want
    • TeX’s Turing-completeness
    • TeX’s ability to access local files to varying degrees depending on distribution
    • The possibility of generating malicious PDFs either way
    Last edited by charmander; 10-19-2013 at 12:17 PM.

  4. #24
    Regular Fibriel Solaer's Avatar
    Weasyl
    FibS
    Join Date
    Oct 2013
    Gender
    Male
    Posts
    55
    Quote Originally Posted by charmander View Post
    Markdown will allow for limited HTML and CSS – but I imagine it’s more limited than what you had in mind. A safe system, however, is much more difficult than changing the order of CSS rules. Even <style scoped> wouldn’t block the most dangerous things one can do with the right CSS; it would take framing a page. Not a bad idea, but HTML wasn’t one of the formats listed previously.

    pdf.js is a good idea.

    LaTeX support is unlikely on account of

    • Us not necessarily having the packages you want
    • TeX’s Turing-completeness
    • TeX’s ability to access local files to varying degrees depending on distribution
    • The possibility of generating malicious PDFs either way
    I'm aware of the extremely complex rules of CSS priority, but I wasn't sure suggesting for the server to run through it and outright remove anything malicious was feasible (though that would be ideal.)

    I understand that switching from rich text to CSS may be very awkward for the OP. It was merely another alternative if the others were implausible.

  5.   Click here to go to the next staff post in this thread.   #25
    Technically Staff charmander's Avatar
    Weasyl
    charmander
    Join Date
    Sep 2013
    Location
    Kanto
    Posts
    38
    We can work with CSS priority and remove “dangerous” or “annoying” rules. The problem is that the list of non-dangerous and non-annoying rules is:

    • color
    • text-decoration
    • font-weight
    • font-style
    • font-variant

  6. #26
    Regular Fibriel Solaer's Avatar
    Weasyl
    FibS
    Join Date
    Oct 2013
    Gender
    Male
    Posts
    55
    After going over my answer mentally and writing several drafts of reply, I somewhat agree with you. Balancing CSS functionality with security, while technologically possible, is very prohibitive for its benefits, especially as I don't know Weasyl's code structure well enough to estimate how difficult the modification would be.

    I think I should just make a separate topic for my follow-up suggestion (one that is much simpler and easier), as it is not entirely compatible with the one in this topic and won't be sufficient for the OP's purposes.

    Thank you for your clarification.

    EDIT: After doing some searching, I have found a staff post indicating that Markdown will soon be implemented, so for now I have nothing further to add.
    Last edited by Fibriel Solaer; 10-19-2013 at 04:15 PM.

  7. #27
    Is there likely to be a large problem of malicious PDFs/TeX? As I understood, it was hardly the simplest or most dangerous way to catch a computer bug.

  8. #28
    Regular Fibriel Solaer's Avatar
    Weasyl
    FibS
    Join Date
    Oct 2013
    Gender
    Male
    Posts
    55
    Quote Originally Posted by Irbisgreif View Post
    Is there likely to be a large problem of malicious PDFs/TeX? As I understood, it was hardly the simplest or most dangerous way to catch a computer bug.
    PDF exploitation was (and most likely still is) primarily a problem with Internet Explorer, which I would dismiss with a "so what" if not for so many people still using Internet Explorer. A foolish choice in any situation I have to say.

    I've never heard of a TeX exploit. Being able to harm a client with a markup language seems like an achievement indeed and indicates serious flaws in the interpreter.

  9.   Click here to go to the next staff post in this thread.   #29
    Technically Staff charmander's Avatar
    Weasyl
    charmander
    Join Date
    Sep 2013
    Location
    Kanto
    Posts
    38
    This describes some options. There are ways to set timeouts, stop excessively large files from being produced, scan files, and isolate everything, none of which is worth the effort when we can use pdf.js.
    Last edited by charmander; 10-27-2013 at 12:41 AM.

  10. #30
    Junior mwalimu's Avatar
    Weasyl
    mwalimu
    Join Date
    Feb 2013
    Location
    Normal, IL
    Posts
    29
    I hadn't been to Weasyl in a while, but since FA is down I'm here giving it another look over to see what changes or improvements have been made. Being a writer rather than an artist, my biggest complaint was the very limited choices for literary submissions, just .txt with or without bbcode, neither of which is acceptable to me for anything over a couple thousand words. Now that I'm back, I was disappointed to discover there hasn't been any real improvement in this area. The only capability that I don't remember seeing before is the ability to upload to Google Docs and link to it from Weasyl, and I'm not sure how useful that would be to me. Still no support for .rtf, .html, .doc, .docx, or .pdf.

    Come on, Weasyl, are we ever going to see any real support for literary submissions?

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •