WTF ... Mozilla had always running JavaScript inside PDFs disabled by default.

But now with FF 88 this option is ENABLED by default. Which means, if a PDF file contains JS it will run without any user interaction. What can possibly go wrong?

To disable this:

pdfjs.enableScripting --> false

# FF 78.10 ESR doesn't include this option and still blocks JS in PDFs by default. Just tested.

@TFG Maybe, they are sure that it's jailed properly now?

@lig @TFG it’s of course jailed in a browser sandbox… so well… also don’t see a big problem with that, unless the PDF reader has vulnerabilities but well… this can happen with any HTML websites with JS, too.


@rugk Some people disable in HTML too. @lig @TFG

· · Web · 1 · 0 · 2

@apokrif @lig @TFG well then use about:config to disable it for your pdf's too

Sign in to participate in the conversation
La Quadrature du Net - Mastodon - Media Fédéré est une serveur Mastodon francophone, géré par La Quadrature du Net.