-
-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The fallback original_student_ans can not be in math mode text in hardcopy. #2413
The fallback original_student_ans can not be in math mode text in hardcopy. #2413
Conversation
} elsif (defined $pg->{answers}{$ansName}{original_student_ans} | ||
&& $pg->{answers}{$ansName}{original_student_ans} ne '') | ||
{ | ||
$stuAns = "\\text{" . $pg->{answers}{$ansName}{original_student_ans} . "}"; | ||
$stuAns .= "\\begin{verbatim}$pg->{answers}{$ansName}{original_student_ans}\\end{verbatim}"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why have the .=
operator here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for pointing that out. It should not have been. That should give warnings in fact because $stuAns
would not have been initialized.
This made me realize that by printing student answers at all in the PDF, we are open to insertions. Turn off MathQuill (since that complicates the following examples). Without this PR, I could enter an answer like If we want to show the student answers int he PDF, one way to prevent an insertion would be to scan the student answer for an unused character, and use that as the delimiter in |
51b2f26
to
fdac4fb
Compare
That is certainly a problem. With MathQuill disabled submit I don't think that not allowing student answers in hardcopy is a good option. I in fact need that. We are required to submit student artifacts for assessment, and the only way to do that with WeBWorK assignments is to generate hardcopy showing student answers. So we need to find a way to sanitize answers. Note that essay answers already do this. If you try to enter the above strings for an essay answer, the loop does not occur, and hardcopy generation succeeds. So we may need to implement that more generally. That is done on the PG side (on lines 94-99 of PGessaymacros.pl). We probably can't do that to the |
Maybe your suggestion of finding a character not in the student answer to use for the verb delimiter will work. The problem is, how do you find such a character? |
We do this in pretext for something else. There is a list of potential
delimiter characters and it looks through the string until it finds an
available one. If it reaches the end of the list (which should never happen
in practice) the output becomes a message about not finding a delimiter.
But here, maybe the student answer could be truncated and then do the
search again.
…On Tue, Apr 30, 2024, 7:32 AM Glenn Rice ***@***.***> wrote:
Maybe your suggestion of finding a character not in the student answer to
use for the verb delimiter will work. The problem is, how do you find such
a character?
—
Reply to this email directly, view it on GitHub
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-9ef65f03de34f295&q=1&e=392a9d23-5fad-464a-b703-37d8d220a2af&u=https%3A%2F%2Fgithub.com%2Fopenwebwork%2Fwebwork2%2Fpull%2F2413%23issuecomment-2085495174>,
or unsubscribe
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-8831d6619392af6b&q=1&e=392a9d23-5fad-464a-b703-37d8d220a2af&u=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FABEDOADVJ7ABUFEIOOJEJG3Y76TPFAVCNFSM6AAAAABG3LE62CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBVGQ4TKMJXGQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
How about just removing any |
There is not reason that a student's original answer should ever have a |
What about like
\end{ verbatim }
and other variants? All I can think of is whitespace surrounding 'verbatim'
and after 'end'. Are there other ways to end the environment? I'm not sure
what can be done with low level tex.
…On Tue, Apr 30, 2024, 7:50 AM Glenn Rice ***@***.***> wrote:
There is not reason that a student's original answer should ever have a
\end{verbatim} in it unless a student is attempting to do something
malicious.
—
Reply to this email directly, view it on GitHub
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-297033581f7b1bce&q=1&e=094153e0-3645-466a-9f05-78ca429885f2&u=https%3A%2F%2Fgithub.com%2Fopenwebwork%2Fwebwork2%2Fpull%2F2413%23issuecomment-2085553145>,
or unsubscribe
<https://protect2.fireeye.com/v1/url?k=31323334-501d2dca-3132feb7-454455534531-46c1e5635975c9d4&q=1&e=094153e0-3645-466a-9f05-78ca429885f2&u=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FABEDOAC6EUBPTRMBU3NCNRDY76VTFAVCNFSM6AAAAABG3LE62CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBVGU2TGMJUGU>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
I thought of that, and tested with spaces. They don't work to end the environment. LaTeX is particular about that. I don't think there is a low level TeX way to break out of a verbatim either. If there were, then I don't see that using a |
I just read about it and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
…dcopy. There are many answers for which the `original_student_ans` does not work inside `$\displaystyle \text{...}$` which is what is currently used for student answers if `preview_latex_string` is not defined or is empty. For example, consider the following MWE. ``` DOCUMENT(); loadMacros('PGstandard.pl', 'PGML.pl', 'contextFraction.pl', 'PGcourse.pl'); $b = random(2, 4); $ans = Compute("3^($b)"); Context()->operators->undefine('+', '-', '*', ' *', '* ', '^', '**'); BEGIN_PGML Simplify [`3^[$b]`]: [_]{$ans} END_PGML ENDDOCUMENT(); ``` Add that problem to a set and submit the answer `3^$b` (whatever `$b` is for you) without actually simplifying. Since exponents are disabled for this problem, that answer does not parse into a MathObject value, and so `preview_latex_string` is undefined. Now if you generate a hardcopy for this set including "Student answers" hardcopy will fail since the `^` character must be in math mode and not inside `\text`. So I see no alternative, but to go back to using verbatim in this case.
…r hardcopy. This prevents a student from entering an answer that can break out of the verbatim and add malicious TeX.
0aa02ca
to
3ebc0f1
Compare
There are many answers for which the
original_student_ans
does not work inside$\displaystyle \text{...}$
which is what is currently used for student answers ifpreview_latex_string
is not defined or is empty.For example, consider the following MWE.
Add that problem to a set and submit the answer
3^$b
(whatever$b
is for you) without actually simplifying. Since exponents are disabled for this problem, that answer does not parse into a MathObject value, and sopreview_latex_string
is undefined. Now if you generate a hardcopy for this set including "Student answers" hardcopy will fail since the^
character must be in math mode and not inside\text
.So I see no alternative, but to go back to using verbatim in this case.