That’s really impressive but has massive security implications.
the PDF file format supports Javascript with its own separate standard library. Modern browsers (Chromium, Firefox) implement this as part of their PDF engines.
This is something that really shouldn’t exist. I can’t imagine the legitimate uses for this outweigh the ways to abuse it.
Documents shouldn’t be allowed to run code. Ever.
Incidentally, anyone know which Firefox flag to set to disable running JS in PDFs entirely?
That’s really impressive but has massive security implications.
This is something that really shouldn’t exist. I can’t imagine the legitimate uses for this outweigh the ways to abuse it.
Documents shouldn’t be allowed to run code. Ever.
Incidentally, anyone know which Firefox flag to set to disable running JS in PDFs entirely?
Indeed, any time you have a Turing complete language baked into a document that’s a recipe for exploits.