How to restrict PDF file with malicious content?

621 views
Skip to first unread message

Harish Kumar3

unread,
Jan 29, 2021, 12:57:14 PM1/29/21
to PDFTron WebViewer
 I am facing an issue with PDF validation, I have a pdf with JavaScript code in it  -

%PDF-1.0

1 0 obj
<<
/Type /Catalog
/Pages 2 0 R
/Names 6 0 R
>>
endobj

2 0 obj
<<
/Type /Pages
/Count 1
/Kids [3 0 R]
>>
endobj

3 0 obj
<<
/Type /Page
/Parent 2 0 R
/Resources << /Font << /F1 5 0 R >>
>>
/MediaBox [0 0 612 792]
/Contents 4 0 R
>>
endobj

4 0 obj
<< /Length 45 >>
stream
BT
/F1 24 Tf
250 700 Td (Hello, World!) Tj
ET
endstream
endobj

5 0 obj
<<
/Type /Font
/Subtype /Type1
/BaseFont /Helvetica
>>
endobj

6 0 obj
<<
/JavaScript 7 0 R
>>
endobj

7 0 obj
<<
/Names [(My Code) 8 0 R]
>>
endobj

8 0 obj
<<
/JS (app.alert({cMsg: document.location,
cTitle: "Mario's Message"});
)
/S /JavaScript
>>
endobj

xref
0 9

trailer
<<
/Size 9
/Root 1 0 R
>>
startxref

%%EOF

How can I Restrict this pdf while opening in WebViewer (I do not want to open open malicious PDF and want to throw error/popup)
Please help me here

Matt Parizeau

unread,
Jan 29, 2021, 2:47:03 PM1/29/21
to PDFTron WebViewer
Hi,

You can prevent JavaScript from running by using the CoreControls.disableEmbeddedJavaScript() API. See here for more information https://www.pdftron.com/documentation/web/guides/forms/embedded-js/#disabling

This post may also be useful for you if you instead want to display a popup asking the user to confirm JavaScript execution or just an error when it tries to run https://groups.google.com/g/pdfnet-webviewer/c/QgGvilH3YME/m/Pj8udKVTAgAJ

Matt Parizeau
Software Developer
PDFTron Systems Inc.
Reply all
Reply to author
Forward
0 new messages