On 03/23/2010 05:23 PM, Aryeh Gregor wrote: > On Tue, Mar 23, 2010 at 1:00 PM, Roan Kattouw <[email protected]> wrote: >> DFAs parse regular languages, which means those languages can also be >> expressed as regexes. In fact, the regexes accepted by the preg_*() >> functions allow certain extensions to the language theory definition >> of regular expressions, allowing them to describe certain non-regular >> languages as well. In short: preg_split() can do everything a DFA can >> do, and more. The only reason to use a DFA parser would be >> performance, but since the preg_*() functions are so heavily optimized >> I don't think that'll be an issue. > > This much I know, but is LaTeX actually a regular language?
It's not even context free, luckily the subset we are interested in is (as clearly shown by the texvc parser :p). > > On Tue, Mar 23, 2010 at 1:13 PM, Conrad Irwin > <[email protected]> wrote: >> And here was me thinking that maintenance didn't happen because making >> changes to security critical sections of the code is dangerous :). > > It's not security-critical. The worst you could possibly do is DoS, > and any DoS could be instantly shut off by just turning off math > briefly. Furthermore, the part that makes DoS impossible is a quite > small portion of the code that would need to change effectively never. > No, the problem is that most PHP programmers have never even heard of > OCaml, let alone used it. Many LaTeX installations can be made read/write/execute anything by default. LaTeX also allows you to redefine the meaning of characters in the input, if you accidentally let a single command through, then all the whitelisting becomes pointless. It certainly is a security issue. Conrad _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
