Update:

Will,

i have to admit that I kind of flail around in my javascript but I dug a bit into editor_plugin.js hoping to solve the issue myself; again, if one uses htmlpurifier, the < and > get zapped out of the url which isn't so hot. Anyway, at the bottom of the script I added a couple of lines.

Originally you had:

TinyMCE_Add = function( name )
{
	var sName = name.match( /(gif|svg).latex?(.*)/ );
	var latex= unescape(sName[2]);
	latex = latex.replace(/@plus;/g,'+');
	latex = latex.replace(/+/g,'+');
	latex = latex.replace(/&space;/g,' ');

Then, I added the next 3 lines to url encode:

sName[2] = sName[2].replace('<','%3C');
	sName[2] = sName[2].replace('>','%3E');
	name ='http://latex.codecogs.com/gif.latex?'+sName[2];

Now the name below should have url encoded > and <. Because they're url coded here, when one posts the field and runs it through htmlpurifier, they won't be deleted as potentially harmful characters.

tinyMCE.activeEditor.execCommand('mceInsertContent', false, '<img src="'+name+'" alt="'+latex+'"  />');

Also, the last line in the file was:

tinyMCE.execCommant('mceFocus', false, tinymce.activeEditor.editorId);

whereas I believe that the intended code was (Command instead of Commant):

tinyMCE.execCommand('mceFocus', false, tinymce.activeEditor.editorId);

Your thoughts on my approach and the issue that I've raised regarding purifying the url's when there are < or > in addition to my thoughts on the typo on the last line would be appreciated.

Cheers!

-Eric