Steps to reproduce the problem
See: https://neuromatch.social/@[email protected]/111502628902459771
Expected behaviour
Only typeset between \(
and \)
Actual behaviour
See above (this issue template sucks)
Detailed description
The instance should be configured like this:
var nonce = document.querySelector('meta[name="style-nonce"]').getAttribute('content');
window.MathJax = {
chtml: {nonce: nonce},
tex: {
processEnvironments: false,
processRefs: false,
inlineMath: [['\\(', '\\)']],
displayMath: [['\\[', '\\]']]
}
};
|
:javascript |
|
var nonce = document.querySelector('meta[name="style-nonce"]').getAttribute('content'); |
|
window.MathJax = { |
|
chtml: {nonce: nonce}, |
|
tex: { |
|
processEnvironments: false, |
|
processRefs: false, |
|
inlineMath: [['\\(', '\\)']], |
|
displayMath: [['\\[', '\\]']] |
|
} |
|
}; |
|
%script{ src: '/MathJax/es5/tex-chtml.js' } |
|
|
which overrides the displayMath
delimiters which are $$
by default: https://docs.mathjax.org/en/latest/options/input/tex.html
This is apparently ignored because of the site's content security settings which disallow inline scripts.
So we need to use the nonce that comes from here
|
%meta{ name: 'style-nonce', content: request.content_security_policy_nonce } |
in the script tag, and also allow nonce'd inline scripts in our CSP.
See:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script
and
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources
Mastodon instance
neuromatch.social
Mastodon version
garegarg sthsrtjytj
Browser name and version
Firefox
Operating system
macOS
Technical details
No response