[okular] [Bug 480191] New: Allow user to disable JavaScript support.
Paul Millar
bugzilla_noreply at kde.org
Mon Jan 22 21:47:36 GMT 2024
https://bugs.kde.org/show_bug.cgi?id=480191
Bug ID: 480191
Summary: Allow user to disable JavaScript support.
Classification: Applications
Product: okular
Version: 22.12.3
Platform: Debian stable
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: PDF backend
Assignee: okular-devel at kde.org
Reporter: paul.millar at desy.de
Target Milestone: ---
SUMMARY
JavaScript support increases the attack surface should the Okular user be given
a malicious PDF file.
It would be helpful if Okular warned the user before executing any embedded
JavaScript.
Similarly, it would be helpful if the user could disable JavaScript support
altogether, particularly when the PDF came from an untrusted source.
STEPS TO REPRODUCE
1. Download example PDF from
https://www.pdfscripting.com/public/FreeStuff/PDFSamples/JavaScriptClock.pdf
2. Open file with okular
OBSERVED RESULT
JavaScript code is executed without warning the user. Okular seems to provide
no way to disable JavaScript.
EXPECTED RESULT
I would like to be warned before Okular starts executing JavaScript.
I would also like to see a configuration option that allows the user to disable
JavaScript support.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Okular-devel
mailing list