The fallback original_student_ans can not be in math mode text in hardcopy. #2413
Conversation
| } elsif (defined $pg->{answers}{$ansName}{original_student_ans} | ||
| && $pg->{answers}{$ansName}{original_student_ans} ne '') | ||
| { | ||
| $stuAns = "\\text{" . $pg->{answers}{$ansName}{original_student_ans} . "}"; | ||
| $stuAns .= "\\begin{verbatim}$pg->{answers}{$ansName}{original_student_ans}\\end{verbatim}"; |
There was a problem hiding this comment.
Why have the .= operator here?
There was a problem hiding this comment.
Thanks for pointing that out. It should not have been. That should give warnings in fact because $stuAns would not have been initialized.
|
This made me realize that by printing student answers at all in the PDF, we are open to insertions. Turn off MathQuill (since that complicates the following examples). Without this PR, I could enter an answer like If we want to show the student answers int he PDF, one way to prevent an insertion would be to scan the student answer for an unused character, and use that as the delimiter in |
drgrice1
force-pushed
the
bugfix/hardcopy-fallback
branch
2 times, most recently
from
51b2f26
to
fdac4fb
Compare
|
That is certainly a problem. With MathQuill disabled submit I don't think that not allowing student answers in hardcopy is a good option. I in fact need that. We are required to submit student artifacts for assessment, and the only way to do that with WeBWorK assignments is to generate hardcopy showing student answers. So we need to find a way to sanitize answers. Note that essay answers already do this. If you try to enter the above strings for an essay answer, the loop does not occur, and hardcopy generation succeeds. So we may need to implement that more generally. That is done on the PG side (on lines 94-99 of PGessaymacros.pl). We probably can't do that to the |
|
Maybe your suggestion of finding a character not in the student answer to use for the verb delimiter will work. The problem is, how do you find such a character? |
|
We do this in pretext for something else. There is a list of potential
delimiter characters and it looks through the string until it finds an
available one. If it reaches the end of the list (which should never happen
in practice) the output becomes a message about not finding a delimiter.
But here, maybe the student answer could be truncated and then do the
search again.
…On Tue, Apr 30, 2024, 7:32 AM Glenn Rice ***@***.***> wrote:
Maybe your suggestion of finding a character not in the student answer to
use for the verb delimiter will work. The problem is, how do you find such
a character?
—
Reply to this email directly, view it on GitHub
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-9ef65f03de34f295&q=1&e=392a9d23-5fad-464a-b703-37d8d220a2af&u=https%3A%2F%2Fgithub.com%2Fopenwebwork%2Fwebwork2%2Fpull%2F2413%23issuecomment-2085495174>,
or unsubscribe
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-8831d6619392af6b&q=1&e=392a9d23-5fad-464a-b703-37d8d220a2af&u=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FABEDOADVJ7ABUFEIOOJEJG3Y76TPFAVCNFSM6AAAAABG3LE62CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBVGQ4TKMJXGQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
How about just removing any |
|
There is not reason that a student's original answer should ever have a |
|
What about like
\end{ verbatim }
and other variants? All I can think of is whitespace surrounding 'verbatim'
and after 'end'. Are there other ways to end the environment? I'm not sure
what can be done with low level tex.
…On Tue, Apr 30, 2024, 7:50 AM Glenn Rice ***@***.***> wrote:
There is not reason that a student's original answer should ever have a
\end{verbatim} in it unless a student is attempting to do something
malicious.
—
Reply to this email directly, view it on GitHub
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-297033581f7b1bce&q=1&e=094153e0-3645-466a-9f05-78ca429885f2&u=https%3A%2F%2Fgithub.com%2Fopenwebwork%2Fwebwork2%2Fpull%2F2413%23issuecomment-2085553145>,
or unsubscribe
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-46c1e5635975c9d4&q=1&e=094153e0-3645-466a-9f05-78ca429885f2&u=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FABEDOAC6EUBPTRMBU3NCNRDY76VTFAVCNFSM6AAAAABG3LE62CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBVGU2TGMJUGU>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
I thought of that, and tested with spaces. They don't work to end the environment. LaTeX is particular about that. I don't think there is a low level TeX way to break out of a verbatim either. If there were, then I don't see that using a |
|
I just read about it and |
…dcopy.
There are many answers for which the `original_student_ans` does not
work inside `$\displaystyle \text{...}$` which is what is currently used
for student answers if `preview_latex_string` is not defined or is
empty.
For example, consider the following MWE.
```
DOCUMENT();
loadMacros('PGstandard.pl', 'PGML.pl', 'contextFraction.pl', 'PGcourse.pl');
$b = random(2, 4);
$ans = Compute("3^($b)");
Context()->operators->undefine('+', '-', '*', ' *', '* ', '^', '**');
BEGIN_PGML
Simplify [`3^[$b]`]: [_]{$ans}
END_PGML
ENDDOCUMENT();
```
Add that problem to a set and submit the answer `3^$b` (whatever `$b` is
for you) without actually simplifying. Since exponents are disabled for
this problem, that answer does not parse into a MathObject value, and so
`preview_latex_string` is undefined. Now if you generate a hardcopy for
this set including "Student answers" hardcopy will fail since the `^`
character must be in math mode and not inside `\text`.
So I see no alternative, but to go back to using verbatim in this case.
…r hardcopy. This prevents a student from entering an answer that can break out of the verbatim and add malicious TeX.
drgrice1
force-pushed
the
bugfix/hardcopy-fallback
branch
from
0aa02ca
to
3ebc0f1
Compare
There are many answers for which the
original_student_ansdoes not work inside$\displaystyle \text{...}$which is what is currently used for student answers ifpreview_latex_stringis not defined or is empty.For example, consider the following MWE.
Add that problem to a set and submit the answer
3^$b(whatever$bis for you) without actually simplifying. Since exponents are disabled for this problem, that answer does not parse into a MathObject value, and sopreview_latex_stringis undefined. Now if you generate a hardcopy for this set including "Student answers" hardcopy will fail since the^character must be in math mode and not inside\text.So I see no alternative, but to go back to using verbatim in this case.