You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The PrintReadyPdf file has clearly no Javascript at all and a pro software like Pitstop does not find any malicious javascript in the PdfFile.
I think the streming of the PDF is not good enough.
Javascript can occur in a Pdf when you have forms such as :
Expected Behavior
The PrintReadyPdf should not show the warning while the other Pdf should.
The text was updated successfully, but these errors were encountered:
Yes, i believe there were no any other better solution for that at the time, in the beginning it was even intended to be "sanitizing" instead of just scanning #14998 (comment)
Maybe there are some better tools/idea now
It would probably make more sense to have it like a soft warning (like old school outlook) when the /JS is detected and not completely block it, in addition should have a button "Looks safe" to proceed the preview as usual, as the uploaded files should be trusted source or sanitized at origin.
Pimcore version
11.2.2
Steps to reproduce
Pdf with Javascript :
PDFS_CopyPastListEntries.pdf
PrintReady Pdf without Javascript can be downloaded here : http://www.folionet.fr/galilee/Arnaud/PERM_VOYAGES_PLV_GAMME_AFRICAN_COLORS_V1.pdf
Actual Behavior
The PrintReadyPdf file has clearly no Javascript at all and a pro software like Pitstop does not find any malicious javascript in the PdfFile.
I think the streming of the PDF is not good enough.
Javascript can occur in a Pdf when you have forms such as :
Expected Behavior
The PrintReadyPdf should not show the warning while the other Pdf should.
The text was updated successfully, but these errors were encountered: