|
|
|
|
|
|
by fdupress
903 days ago
|
|
|
"gets converted to" and "gets rendered as uploaded by the user" are two different things. There are no issues with arXiv generating the HTML and sending that over: they control the generation process, and users who visit arXiv already trust it to not be malicious. The issue is with letting the user upload their own and having it sent on to other users as is. |
|
|