Remove math rendering exception for wikis
What does this MR do and why?
Related to Client-side DoS via AsciiDoc math feature (#424271 - closed) and Allow configuration of math expression renderin... (#214530 - closed)
Wikis and repositories are no longer allow unlimited math rendering. It is now controlled by the math_rendering_limits_enabled
instance and group setting.
The new group level setting is being added by Make math_rendering_limits_enabled a cascading ... (!143256 - merged). I've cherry-picked its commit here (it's the first commit) in order to finish building this.
By disabling the math_rendering_limits_enabled
, math can be rendered without limits, in issues, MRs, wikis, repository, etc. When limits are enabled (the default), math rendering will be limited in all places, including wikis and repositories.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Test markdown:
$`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$
$`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$
$`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$
$`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$
$`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$ + $`a^2+b^2=c^2`$
- Verify that in wikis and repositories math is being limited, by pasting the above markdown and previewing/saving.
- Disable math limits by either using the GraphQL instructions in !143256 (merged), or by doing
ApplicationSetting.update(math_rendering_limits_enabled: false)
from the Rails console. - Verify that math is now unlimited in wikis, repositories, issues, etc.