-
Notifications
You must be signed in to change notification settings - Fork 9
Refactoring roadmap
Ilya V. Schurov edited this page May 24, 2017
·
3 revisions
I'm going to do some refactoring / splitting of the project in order to make an online service like nbviewer on top of it.
The following changes are planned so far:
- Provide more clear separation between different parts of the project: indent-based markup metalanguage (currently known as MLQQ, probably will be renamed to indentml), LaTeX-style language based on this metalanguage aimed on writing mathematical textbooks (qqDoc, probably renamed to qqmath*), a system that can handle books in qqDoc/qqMath and create sites from them (multiple chapters, cross-references and so on — what currently qqhtmlpreview do, to be named qqmathbook) and possibly other parts.
- The features of qqDoc are classified as safe or unsafe. Safe features are those that can be safely done server-side, like LaTeX-style processing: no arbitratry code execution involved here and no dangerous content produced (like arbitrary javascript), so the result can be hosted on third-party server. Examples of unsafe features are
\pythonfigure,\plotly(due to arbitrary python code execution) or\rawhtml(due to possible XSS).
| Feature | Examples | Safety level |
|---|---|---|
| Markdown-level markup | headings `\h?`, `\paragraph`, `\enumerate`, `\itemize`, `\em`. Proposed: `\href` | safe |
| LaTeX-level markup | `\eq`, `\equation`, `\align`, `\ref`, `\eqref`, enumeratable environments (like *Theorem 2*), `\proof`, `\figure` | safe |
| Dynamically generated figures | `\pythonfigure', `\plotly` | server-unsafe: arbitrary Python code execution. |
| Interactive features | snippets, quizzes | safe |
| Workaround features | \rawhtml | client-unsafe: XSS (unless javascript is sanitized) |