From 90986c1ade70bf061d833c3ecf08b82129a0ce35 Mon Sep 17 00:00:00 2001
From: Jessica Lawshe <jessica.lawshe@overleaf.com>
Date: Wed, 27 Jun 2018 17:26:39 -0500
Subject: [PATCH 1/5] Express local for MathJax path

---
 services/web/app/coffee/infrastructure/ExpressLocals.coffee | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/web/app/coffee/infrastructure/ExpressLocals.coffee b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
index 6943a79cb2..d2e7415067 100644
--- a/services/web/app/coffee/infrastructure/ExpressLocals.coffee
+++ b/services/web/app/coffee/infrastructure/ExpressLocals.coffee
@@ -167,6 +167,11 @@ module.exports = (app, webRouter, privateApiRouter, publicApiRouter)->
 			path = Path.join("/img/", imgFile)
 			return Url.resolve(staticFilesBase, path)
 
+		res.locals.mathJaxPath = res.locals.buildJsPath(
+			'libs/mathjax/MathJax.js',
+			{cdn:false, qs:{config:'TeX-AMS_HTML'}}
+		)
+
 		next()
 
 

From a34dcef8b7ce0c0ec213b8dd5033a437b1273fc4 Mon Sep 17 00:00:00 2001
From: Jessica Lawshe <jessica.lawshe@overleaf.com>
Date: Wed, 27 Jun 2018 17:27:27 -0500
Subject: [PATCH 2/5] Use express local for MathJax path

---
 services/web/app/views/project/editor.pug | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/web/app/views/project/editor.pug b/services/web/app/views/project/editor.pug
index 602b9af86b..190ba57cf6 100644
--- a/services/web/app/views/project/editor.pug
+++ b/services/web/app/views/project/editor.pug
@@ -103,6 +103,8 @@ block content
 			h3 {{ title }}
 		.modal-body(ng-bind-html="message")
 
+	script(src=mathJaxPath)
+
 block requirejs
 	script(type="text/javascript" src='/socket.io/socket.io.js')
 
@@ -133,7 +135,6 @@ block requirejs
 		window.wikiEnabled = #{!!(settings.apis.wiki && settings.apis.wiki.url)};
 		window.requirejs = {
 			"paths" : {
-				"mathjax": "#{buildJsPath('/libs/mathjax/MathJax.js', {cdn:false, qs:{config:'TeX-AMS_HTML'}})}",
 				"moment": "libs/#{lib('moment')}",
 				"pdfjs-dist/build/pdf": "libs/#{lib('pdfjs')}/pdf",
 				"pdfjs-dist/build/pdf.worker": "#{pdfWorkerPath}",

From 3e8168d32f723ec103d2dd2f2a9949ce04106af7 Mon Sep 17 00:00:00 2001
From: Jessica Lawshe <jessica.lawshe@overleaf.com>
Date: Wed, 27 Jun 2018 17:27:47 -0500
Subject: [PATCH 3/5] Remove MathJax dependency injection

---
 services/web/public/coffee/ide/chat/directives/mathjax.coffee | 1 -
 1 file changed, 1 deletion(-)

diff --git a/services/web/public/coffee/ide/chat/directives/mathjax.coffee b/services/web/public/coffee/ide/chat/directives/mathjax.coffee
index 08e167ee66..2fa449f55f 100644
--- a/services/web/public/coffee/ide/chat/directives/mathjax.coffee
+++ b/services/web/public/coffee/ide/chat/directives/mathjax.coffee
@@ -1,6 +1,5 @@
 define [
 	"base"
-	"mathjax"
 ], (App) ->
 	mathjaxConfig =
 		messageStyle: "none"

From a73934814619e3ede9bd88ac6d69498019c36147 Mon Sep 17 00:00:00 2001
From: Jessica Lawshe <jessica.lawshe@overleaf.com>
Date: Wed, 27 Jun 2018 17:46:35 -0500
Subject: [PATCH 4/5] Move MathJax directive to a shared directory

MathJax parsing now on learn pages, and soon to be on the blog, so move
out of the `ide/chat` directive.
---
 .../web/public/coffee/{ide/chat => }/directives/mathjax.coffee  | 0
 services/web/public/coffee/ide/chat/index.coffee                | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename services/web/public/coffee/{ide/chat => }/directives/mathjax.coffee (100%)

diff --git a/services/web/public/coffee/ide/chat/directives/mathjax.coffee b/services/web/public/coffee/directives/mathjax.coffee
similarity index 100%
rename from services/web/public/coffee/ide/chat/directives/mathjax.coffee
rename to services/web/public/coffee/directives/mathjax.coffee
diff --git a/services/web/public/coffee/ide/chat/index.coffee b/services/web/public/coffee/ide/chat/index.coffee
index de9c46d62d..f2f146c745 100644
--- a/services/web/public/coffee/ide/chat/index.coffee
+++ b/services/web/public/coffee/ide/chat/index.coffee
@@ -2,6 +2,6 @@ define [
 	"ide/chat/controllers/ChatButtonController"
 	"ide/chat/controllers/ChatController"
 	"ide/chat/controllers/ChatMessageController"
-	"ide/chat/directives/mathjax"
+	"directives/mathjax"
 	"filters/wrapLongWords"
 ], () ->
\ No newline at end of file

From 49cf2a8dee64d98d52d5820d06703685d028a0fd Mon Sep 17 00:00:00 2001
From: Jessica Lawshe <jessica.lawshe@overleaf.com>
Date: Wed, 27 Jun 2018 17:57:07 -0500
Subject: [PATCH 5/5] Use the MathJax `Safe.js` extension to prevent XSS

---
 services/web/public/coffee/directives/mathjax.coffee | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/web/public/coffee/directives/mathjax.coffee b/services/web/public/coffee/directives/mathjax.coffee
index 2fa449f55f..6d37353c07 100644
--- a/services/web/public/coffee/directives/mathjax.coffee
+++ b/services/web/public/coffee/directives/mathjax.coffee
@@ -2,6 +2,7 @@ define [
 	"base"
 ], (App) ->
 	mathjaxConfig =
+		extensions: ["Safe.js"]
 		messageStyle: "none"
 		imageFont:null
 		"HTML-CSS": { availableFonts: ["TeX"] },