Skip to content

Commit 3cc4777

Browse files
szaimenszaimen
authored
Merge pull request #887 from nextcloud/enh/noid/disable-scripting
disable scripting in pdfviewer
2 parents 83f4dac + ae5604b commit 3cc4777

File tree

5 files changed

+20
-3
lines changed

5 files changed

+20
-3
lines changed

README.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,15 @@ You can view PDF files as well as Adobe Illustrator files (.ai)
66

77
![PDF Logo](https://user-images.githubusercontent.com/59488153/189176433-2f6d97a1-b151-4099-84f4-d1446a007b8a.png)
88

9+
### Enable Javascript execution in PDF files
10+
11+
To allow Javascript embedded in PDF-files to be executed inside the PDF-viewer inside your browser, enable it with:
12+
13+
`php occ config:app:set files_pdfviewer enable_scripting --value=yes`
14+
15+
Disable:
16+
17+
`php occ config:app:delete files_pdfviewer enable_scripting`
918

1019
## 🏗 Development setup
1120

js/files_pdfviewer-workersrc.js

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

js/files_pdfviewer-workersrc.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/workersrc.js

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,8 +44,10 @@ function initializeCustomPDFViewerApplication() {
4444
PDFViewerApplicationOptions.set('isEvalSupported', false)
4545
PDFViewerApplicationOptions.set('workerSrc', head.getAttribute('data-workersrc'))
4646
PDFViewerApplicationOptions.set('cMapUrl', head.getAttribute('data-cmapurl'))
47+
PDFViewerApplicationOptions.set('sandboxBundleSrc', head.getAttribute('data-sandbox'))
4748
PDFViewerApplicationOptions.set('enablePermissions', true)
4849
PDFViewerApplicationOptions.set('imageResourcesPath', './js/pdfjs/web/images/')
50+
PDFViewerApplicationOptions.set('enableScripting', head.getAttribute('data-enableScripting') === true)
4951

5052
if (canDownload === '0') {
5153
const pdfViewer = window.document.querySelector('.pdfViewer')

templates/viewer.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,10 @@
33
/** @var OCP\IURLGenerator $urlGenerator */
44
$urlGenerator = $_['urlGenerator'];
55
$version = \OC::$server->getAppManager()->getAppVersion('files_pdfviewer');
6+
$enableScripting = false;
7+
if (\OC::$server->getConfig()->getAppValue('files_pdfviewer', 'enable_scripting', 'no') === 'yes') {
8+
$enableScripting = true;
9+
}
610
?>
711

812
<!DOCTYPE html>
@@ -29,6 +33,8 @@
2933
-->
3034
<html dir="ltr" mozdisallowselectionprint>
3135
<head data-workersrc="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/build/pdf.worker.js')) ?>?v=<?php p($version) ?>"
36+
data-enableScripting="<?php p($enableScripting ? true : false) ?>"
37+
data-sandbox="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/build/pdf.sandbox.js'))?>"
3238
data-cmapurl="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/web/cmaps/')) ?>">
3339
<meta charset="utf-8">
3440
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">

0 commit comments

Comments
 (0)