Commit 561aa9e

disable scripting in pdfviewer
Signed-off-by: Simon L <[email protected]>
1 parent 27b72cb commit 561aa9e

3 files changed

Lines changed: 18 additions & 1 deletion

README.md

Lines changed: 10 additions & 0 deletions
@@ -4,6 +4,16 @@ files_pdfviewer
44
This application integrates the [PDF.js](https://mozilla.github.io/pdf.js/) library into Nextcloud's Viewer.
55
You can view PDF files as well as Adobe Illustrator files (.ai)
66

7+
### Enable Javascript execution in PDF files
8+
9+
To allow Javascript embedded in PDF-files to be executed inside the PDF-viewer inside your browser, enable it with:
10+
11+
`php occ config:app:set files_pdfviewer enable_scripting --value=yes`
12+
13+
Disable:
14+
15+
`php occ config:app:delete files_pdfviewer enable_scripting`
16+
717
## 🏗 Development setup
818

919
1. ☁ Clone this app into the `apps` folder of your Nextcloud: `git clone https://github.com/nextcloud/files_pdfviewer.git`
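
Review bot: The new README section (added lines 7-16) never says that scripting is off by default, so the reader cannot tell what state a fresh install is in or what deleting the key restores. Suggest opening the section with one sentence stating that JavaScript embedded in PDF files is not executed unless `enable_scripting` is set, and noting that only the exact value `yes` turns it on, since templates/viewer.php compares with `=== 'yes'`. Minor: use "JavaScript" and "PDF files" consistently.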

src/workersrc.js

Lines changed: 2 additions & 1 deletion
@@ -49,7 +49,8 @@ function initializeCustomPDFViewerApplication() {
4949
PDFViewerApplicationOptions.set('isEvalSupported', false)
5050
PDFViewerApplicationOptions.set('workerSrc', document.getElementsByTagName('head')[0].getAttribute('data-workersrc'))
5151
PDFViewerApplicationOptions.set('cMapUrl', document.getElementsByTagName('head')[0].getAttribute('data-cmapurl'))
52-
PDFViewerApplicationOptions.set('enablePermissions', true)
52+
PDFViewerApplicationOptions.set('sandboxBundleSrc', document.getElementsByTagName('head')[0].getAttribute('data-sandbox'))
53+
PDFViewerApplicationOptions.set('enableScripting', document.getElementsByTagName('head')[0].getAttribute('data-enableScripting') === true)
5354

5455
if (canDownload === '0') {
5556
const pdfViewer = window.document.querySelector('.pdfViewer')
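
Review bot: In the added `enableScripting` line, `getAttribute('data-enableScripting') === true` can never be true, because getAttribute returns a string or null, so scripting stays disabled even after an admin sets `enable_scripting` to `yes`. It fails closed, but the documented opt-in does not work; compare against the string the template actually emits, or have the template emit an explicit 'true'/'false' and compare to 'true'. Separately, this hunk drops `PDFViewerApplicationOptions.set('enablePermissions', true)` with no mention in the commit message; if that is intentional it deserves a line of explanation or its own commit, otherwise keep it.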

templates/viewer.php

Lines changed: 6 additions & 0 deletions
@@ -3,6 +3,10 @@
33
/** @var OCP\IURLGenerator $urlGenerator */
44
$urlGenerator = $_['urlGenerator'];
55
$version = \OC::$server->getAppManager()->getAppVersion('files_pdfviewer');
6+
$enableScripting = false;
7+
if (\OC::$server->getConfig()->getAppValue('files_pdfviewer', 'enable_scripting', 'no') === 'yes') {
8+
$enableScripting = true;
9+
}
610
?>
711

812
<!DOCTYPE html>
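
Review bot: The `$enableScripting` block (added lines 6-9) can be a single assignment, `$enableScripting = \OC::$server->getConfig()->getAppValue('files_pdfviewer', 'enable_scripting', 'no') === 'yes';`, which removes the mutable default and the if. Keep the default of 'no' and the strict comparison to 'yes' as they are, so that a missing or mistyped value leaves scripting off.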
@@ -29,6 +33,8 @@
2933
-->
3034
<html dir="ltr" mozdisallowselectionprint>
3135
<head data-workersrc="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/build/pdf.worker.js')) ?>?v=<?php p($version) ?>"
36+
data-enableScripting="<?php p($enableScripting ? true : false) ?>"
37+
data-sandbox="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/build/pdf.sandbox.js'))?>"
3238
data-cmapurl="<?php p($urlGenerator->linkTo('files_pdfviewer', 'js/pdfjs/web/cmaps/')) ?>">
3339
<meta charset="utf-8">
3440
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
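
Review bot: On the added `data-enableScripting` attribute, `$enableScripting ? true : false` is a no-op ternary on a value that is already boolean, and a PHP boolean prints as "1" or an empty string, neither of which the `=== true` check in src/workersrc.js will match. Emit an explicit string, for example `p($enableScripting ? 'true' : 'false')`, and compare to 'true' on the JavaScript side. Also consider the lowercase hyphenated form `data-enable-scripting`; the other data attributes on this head element are all lowercase.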
