jsMath for displaying mathematics with TeX Drupal 6.x module

This is a quick helper to get you started with jsMath for displaying mathematics with TeX Drupal 6.x module.

I include an installation procedure and some sample of equations you can write and corresponding result. This very website does not run jsMath for several reasons, one being that it is slow and the other is that we don't really need it on our corporate website.

If you find an issue, please, file it in the jsMath Drupal queue.

jsMath Installation

Requirements

In order to use the jsMath for displaying mathematics with TeX Drupal 6.x module you need:

jsMath Drupal Module Installation

You want to install the files of the jsMath module in the usual 3rd party module folder. This folder is generally:

   <drupal path>/sites/all/modules

When extracting the tarball, you get a jsmath folder with the module.

jsMath Library Installation

The jsMath library can be installed in two different locations, one is mainly for backward compatibility.

New installation should put the jsMath library in the libraries folder as in:

   <drupal path>/sites/all/libraries/jsMath1

The jsMath module automatically checks for the jsMath folder in that libraries directory. If it is present, then it is used.

The other folder is under the jsmath folder. The reason why that folder should not be used is because Drupal scans all the folders and sub-folders defined under modules. Any file with the .info or .module extension will be discovered and loaded in some way. That could generate incompatibilities in the future. The exact folder is this one:

   <drupal path>/sites/all/modules/jsmath/jsMath1

Note that the jsMath library folder name has a capital M.

jsMath Additional Fonts Installation (optional)

jsMath can be used with additional, complementary fonts. These fonts need to be installed on your server. These are TeX like description of characters that the JavaScript processors uses to generate the characters. The library can also use picture fonts. Those have a drawback, they do not resize very well at all.

All the fonts go under the jsMath/fonts directory. Each font is defined in a folder. For instance, the cm-fonts or the cmmi10 fonts. Depending on the font file that you use, the structure may be slightly different. Make sure you get the font at the right location.

Enabling the jsMath Module

Now that the jsMath module, library, and optional fonts are installed, you are ready to enable the module. Go to Adminster » Site building » Modules and enable the jsMath module.

Now the module is ready.

jsMath Settings

The jsMath settings are found under Administer » Site configuration » jsMath2.

The different options are very well described and I assume that you know something about TeX already.

Input Formats Update

Although previous versions of jsMath would not require the use of an input filter, since version 2.x, to avoid security issues, jsMath is only available via an input format. For this reason, you need to edit one or more of your Input formats and install the jsMath filter to the Input format that you choose.

Input formats are defined under Administer » Site configuration » Input formats.

Edit each format that should support jsMath and select it there.

At this time, the jsMath settings are all in the global settings window. Filters have no additional settings.

IMPORTANT: Choose wisely. This filter is considered to be similar, in dangerousness, to the Full HTML filter. For this reason, you want to only offer access to this filter to trusted users. You can read more about the jsMath security issue on the page created to this effect.

Future Features

I am thinking to add an additional two features that will impact the installation:

  1. Have a flag in nodes so authors can mark whether that node is a jsMath node or not.
  2. Have a flag in the node types to let administrator choose whether such a node can include jsMath code or not.
  • 1. a. b. Notice the capital M in the jsMath folder name.
  • 2. If you have a hard time to find the jsMath entry it may be because it appears at the very end of your list... The menu items are sorted by the database system you are running which may sort case sensitively.

Sample Usage

The jsMath module is now a filter. By default, the filter detects all the delimiters as defined by the jsMath library. This includes \( ... \), \[ ... \], $$ ... $$, $ ... $. It also supports the tag like syntax with [math], [/math] and [display], [/display].

The [math] tag, parenthesis and single dollar sign generate an inline math equation. This means the result is saved in a <span> tag.

The [display] tag, square brackets and double dollar sign generate a block with the math equation. By default, that block is centered which is the default way of presenting equations. This means the result is saved in a <div> tag.

The double dollar sign delimiter can be changed to generate inline math equations.

What is written between the tags is the usual TeX math equation.

For instance, [math]\sqrt{x^2+1}[/math] and [math]\root 3\of {1-\pi x^2}[/math] generate the following equations:

Square root of x square plus one, and cubic root of one minus pi times x square.

Very practical if you are writing a lot of mathematical equations!

jsMath Security Issue

Security Issue

A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.

You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)

The Drupal Security Advisory issue is here: https://www.drupal.org/node/854402

Other Problem

There is another problem: jsMath offers a JavaScript function that parses entire web pages (although there are ways to circumvent that problem, the module does not currently make use of those.) The jsMath Drupal module uses the jsMath Easy JavaScript. That scripts has this call:

   jsMath.tex2math.Convert(document, jsMath.Easy.findCustomSettings);

As you can see, it passes the document as the element to work on. In other words, the entire page (not even just the body part...) In other words, unless you are the only person who can enter data on your site, any user can enter jsMath TeX code anywhere.

Note that as long as the jsMath library has no security issue, then this is not a real security issue. Yet, you have to keep in mind that the jsMath library does not have the same security checks as Drupal does. I would think that it is secure, but I do not know how much work is done on that side of things. (If you know more than I, please post a comment below about it!)

Solutions

Until the conversion gets fixed (i.e. uses a specific element that represents just and only the node content,) I suggest the following solutions.

Easy

The best solution: create a website YOU are 100% in control of (i.e. no one else can post anything, including comments, on that website.)

Harder

The harder solution: create a website that offers the jsMath functionality only for you and a few trusted people and make sure that wherever those pages appear, they are never shown with any data that other people can enter on your website. This includes blocks (especially those with Latest Posts, Latest Comments, etc.), comments, aggregated RSS feeds, etc.

Remember that nodes marked as Promoted to front page appear in lists of nodes. For instance, even if you change the home page on your website, the /node page remains accessible and shows all those pages... If another user can post a forum question and include bad code in that page, jsMath will pick it up on /node.

Views are similarly capable of mixing multiple nodes together and thus mixing potentially dangerous content (in regard to jsMath) together.