upgrade jquery-ui version

Glen Davies

Apr 23, 2018, 12:53:23 PM
to PDFTron WebViewer
Hi 

Is it possible to easily upgrade the jquery-ui version bundled with webviewer from 1.11.1 to 1.11.4 or 1.12.1?

Thanks
Glen

Matt Parizeau

Apr 24, 2018, 4:17:51 PM
to PDFTron WebViewer
Hi Glen,

I briefly tried replacing it with jQuery UI 1.12.1 and it seemed to mostly just work. A couple things I noticed were that the default font size was a bit smaller, noticeable in the bookmark and search menus. The "buttonset" buttons in the notes panel and on the annotation style menu didn't look correct, it looks like because of a new controlgroup api. My guess is that these wouldn't be too hard to resolve.

Was there a particular reason that you wanted to upgrade to a newer version?

Matt Parizeau
Software Developer
PDFTron Systems Inc.

Glen Davies

May 7, 2018, 12:17:42 PM
to PDFTron WebViewer
Sorry about the delay in replying. There is a potential XSS vulnerability in jquery-ui <= 1.11.4 (https://snyk.io/vuln/npm:jquery-ui:20160721), so getting this upgraded to 1.12.1 would be useful to give the impression that pdfnetjs is a secure app even if the dialog method in question is not used in the interface. What are the possibilities of this work being done? Or if you are not able to do it in the short term, is there any easy way for us to point the viewer to an updated version of jquery-ui ourselves?


Thanks
Glen

Matt Parizeau

May 7, 2018, 4:03:16 PM
to PDFTron WebViewer
Hi Glen,

I confirmed that the viewer is not using the "closeText" option so the vulnerability should not be a problem and we don't currently have near-term plans to upgrade jQuery UI.

If you want to upgrade it yourself you'll want to update ReaderControl.html which contains references to the jQuery UI CSS and JS files.
<link href="external/jquery-ui/themes/cloud/jquery-ui-1.11.1.custom.min.css" rel="stylesheet">
...
<script src="external/jquery-ui/jquery-ui-1.11.1.custom.min.js"></script>

So you'll want to upgrade these files with the downloaded versions, changing the names slightly. We use a custom version with certain components stripped out but this isn't required.

Then the places where I noticed components that might need to have their code updated are in NotesPanel.js and AnnotationEdit.js. I hadn't yet looked into how the APIs have changed and what would be required to fix their appearances. Hopefully this can get you going in the right direction.

Matt Parizeau
Software Developer
PDFTron Systems Inc.
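
The check described in the post above (which jQuery UI version the viewer HTML references, and whether any script sets the dialog "closeText" option) can be automated. This is an added example, not part of the original thread or PDFTron's code; the file names and sample sources are constructed, and the affected range is the one stated in the thread.

```javascript
// Last affected release as stated in the thread ("jquery-ui <= 1.11.4").
const LAST_AFFECTED = [1, 11, 4];

// Extract jQuery UI versions from href/src references such as
// external/jquery-ui/jquery-ui-1.11.1.custom.min.js
function findJqueryUiVersions(html) {
  const re = /(?:href|src)\s*=\s*["'][^"']*jquery-ui-(\d+)\.(\d+)\.(\d+)[^"']*["']/gi;
  const seen = new Set();
  for (const m of html.matchAll(re)) seen.add(`${m[1]}.${m[2]}.${m[3]}`);
  return [...seen];
}

function isAffected(version) {
  const v = version.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // equal to the last affected release
}

// Report each non-comment line that names closeText, whether as an option key
// or through .dialog("option", "closeText", ...). Comment detection is a heuristic.
function findCloseTextUses(files) {
  const hits = [];
  for (const [name, source] of Object.entries(files)) {
    source.split(/\r?\n/).forEach((line, i) => {
      const t = line.trim();
      if (t.startsWith('//') || t.startsWith('*')) return;
      if (/\bcloseText\b/.test(line)) hits.push({ file: name, line: i + 1, text: t });
    });
  }
  return hits;
}

function audit(html, files) {
  const versions = findJqueryUiVersions(html);
  const affected = versions.filter(isAffected);
  const uses = findCloseTextUses(files);
  return { versions, affected, uses, exposed: affected.length > 0 && uses.length > 0 };
}

// Constructed sample input: asset paths as quoted in the thread, hypothetical scripts.
const sampleHtml = `<link href="external/jquery-ui/themes/cloud/jquery-ui-1.11.1.custom.min.css" rel="stylesheet">
<script src="external/jquery-ui/jquery-ui-1.11.1.custom.min.js"></script>`;
const sampleFiles = {
  'viewer.js': "$('#notes').dialog({ title: 'Notes' });",
  'custom.js': "// closeText left at default above\n$('#d').dialog({ closeText: label });",
};
console.log(JSON.stringify(audit(sampleHtml, sampleFiles), null, 2));
```

A hit only shows that closeText is set somewhere; whether the value can carry untrusted input still has to be reviewed by hand.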

Glen Davies

May 8, 2018, 7:06:46 PM
to PDFTron WebViewer
Thanks Matt - that gives us all we need for now.

Glen