this post was submitted on 01 Feb 2025
24 points (100.0% liked)

General Programming Discussion

8293 readers
2 users here now

A general programming discussion community.

Rules:

  1. Be civil.
  2. Please start discussions that spark conversation

Other communities

Systems

Functional Programming

Also related

founded 7 years ago
MODERATORS
top 5 comments
sorted by: hot top controversial new old
[–] HiddenLayer555@lemmy.ml 11 points 1 year ago* (last edited 1 year ago) (3 children)

That's really impressive but has massive security implications.

the PDF file format supports Javascript with its own separate standard library. Modern browsers (Chromium, Firefox) implement this as part of their PDF engines.

This is something that really shouldn't exist. I can't imagine the legitimate uses for this outweigh the ways to abuse it.

Documents shouldn't be allowed to run code. Ever.

Incidentally, anyone know which Firefox flag to set to disable running JS in PDFs entirely?

[–] yogthos@lemmy.ml 7 points 1 year ago

Indeed, any time you have a Turing complete language baked into a document that's a recipe for exploits.

[–] CaptainBasculin@lemmy.ml 2 points 1 year ago

While a small subset of JS's capabilities are implemented within browsers due to security concerns; its full functionality exists in some PDF readers, notably Acrobat.

[–] xhduqetz@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Incidentally, anyone know which Firefox flag to set to disable running JS in PDFs entirely?

It's pdfjs.enableScripting in about:config. Note that Firefox is more strict with PDF scripts to begin with, and the linked Linux PDF only works in Chromium-based browsers.

[–] BestBouclettes@jlai.lu 3 points 1 year ago

Portable Distribution Format