Skip to content

Commit

Permalink
Merge pull request #890 from nextcloud/backport/887/stable26
Browse files Browse the repository at this point in the history 
[stable26] disable scripting in pdfviewer
  • Loading branch information
@nickvergessen
nickvergessen authored Jan 18, 2024
2 parents dc74588 + 36c7b6b commit 5dd5092
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 3 deletions.
9 changes: 9 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,15 @@ You can view PDF files as well as Adobe Illustrator files (.ai)

![PDF Logo](https://user-images.githubusercontent.com/59488153/189176433-2f6d97a1-b151-4099-84f4-d1446a007b8a.png)

### Enable Javascript execution in PDF files

To allow Javascript embedded in PDF-files to be executed inside the PDF-viewer inside your browser, enable it with:

`php occ config:app:set files_pdfviewer enable_scripting --value=yes`

Disable:

`php occ config:app:delete files_pdfviewer enable_scripting`

## 🏗 Development setup

Expand Down
4 changes: 2 additions & 2 deletions js/files_pdfviewer-workersrc.js
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion js/files_pdfviewer-workersrc.js.map
View file

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions src/workersrc.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,10 @@ function initializeCustomPDFViewerApplication() {
PDFViewerApplicationOptions.set('isEvalSupported', false)
PDFViewerApplicationOptions.set('workerSrc', head.getAttribute('data-workersrc'))
PDFViewerApplicationOptions.set('cMapUrl', head.getAttribute('data-cmapurl'))
PDFViewerApplicationOptions.set('sandboxBundleSrc', head.getAttribute('data-sandbox'))
PDFViewerApplicationOptions.set('enablePermissions', true)
PDFViewerApplicationOptions.set('imageResourcesPath', './js/pdfjs/web/images/')
PDFViewerApplicationOptions.set('enableScripting', head.getAttribute('data-enableScripting') === true)

if (canDownload === '0') {
const pdfViewer = window.document.querySelector('.pdfViewer')
Expand Down
6 changes: 6 additions & 0 deletions templates/viewer.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
/** @var OCP\IURLGenerator $urlGenerator */
$urlGenerator = $_['urlGenerator'];
$version = \OC::$server->getAppManager()->getAppVersion('files_pdfviewer');
$enableScripting = false;
if (\OC::$server->getConfig()->getAppValue('files_pdfviewer', 'enable_scripting', 'no') === 'yes') {
$enableScripting = true;
}
?>

<!DOCTYPE html>
Expand All @@ -29,6 +33,8 @@
-->
<html dir="ltr" mozdisallowselectionprint>
<head data-workersrc="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/build/pdf.worker.js')) ?>?v=<?php p($version) ?>"
data-enableScripting="<?php p($enableScripting ? true : false) ?>"
data-sandbox="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/build/pdf.sandbox.js'))?>"
data-cmapurl="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/web/cmaps/')) ?>">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
Expand Down

0 comments on commit 5dd5092

Please sign in to comment.