[IPython-dev] Insecure loading of mathjax

Thomas Kluyver takowl at gmail.com
Fri Aug 1 21:20:42 EDT 2014


On 1 August 2014 15:47, Julian Taylor <jtaylor.debian at googlemail.com> wrote:

> In this case if someone is able to do a MITM and controls one of the
> domains that share the certificate with mathjax that person would be
> able to redirect the request to mathjax.org to his domain and serve any
> file. The browser would accept this as the certificate is valid for the
> domain even though it's a different one than the request was sent to.
> Or would the browser complain about the change in any case?
>

I have opened an issue on MathJax to work out if this is possible. It's
probably most concerning for IPython, but if it's possible, it potentially
affects any site loading MathJax from the CDN.

https://github.com/mathjax/MathJax/issues/885

Thomas