1

It appears that PDF has, for lack of a better term the "feature" to contain javascript, but luckily it seems there is a change that only some software implements support for javascript

Since web browsers deal already with the issue to handle tons of untrusted input, and hence do some sort of sandboxing, I rather appreciate to open pdf documents inside the browser sandbox via pdf.js. However I wonder if pdf.js will implement the "javascript contained in pdf file misfeature"?

humanityANDpeace
  • 4,350
  • 3
  • 37
  • 63

2 Answers2

2

Update 2022: Since Summer 2021, pdf.js (and by extension, my library ngx-extended-pdf-viewer) uses Quick.js to run JavaScript in a sandbox. You've already mentioned that the browser runs JavaScript in a sandbox, so this is a sandbox running in a sandbox. The Mozilla team didn't want to give the JavaScript code embedded in the PDF file access to browser resources.

If you're using Firefox as a PDF viewer, you're using a slightly different version of pdf.js. It runs the JavaScript code in the same sandbox that runs Firefox WebExtensions.

Here's an article written by the authors of the JavaScript implementation: https://hacks.mozilla.org/2021/10/implementing-form-filling-and-accessibility-in-the-firefox-pdf-viewer/

Stephan Rauh
  • 3,069
  • 2
  • 18
  • 37
1

pdf.js still does not support embedded javascript

There are some other implementations (e.g. https://www.pdftron.com/webviewer/demo/pdf-forms) but most of them have some limitations unless you are looking for simple field/form calculations

Ika
  • 402
  • 2
  • 14
  • "still not" sounds like it targets support at a later state? Is my hope that Javascript in PDF will be something that will not become mainstream just wishfull thinking? – humanityANDpeace Feb 25 '19 at 19:26
  • Given that most of original Mozilla pdf.js team is gone and the recent activity this is very likely not going to happen anytime soon :( – Ika Feb 26 '19 at 07:18
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1100769 – meles Nov 23 '20 at 18:37