
[Bug]: This PDF file contains JavaScript. If you want to view it, please download and open it in your local PDF viewer. #16955

Open
abernardgalilee opened this issue Apr 17, 2024 · 3 comments

@abernardgalilee

Pimcore version

11.2.2

Steps to reproduce

PDF with JavaScript:
PDFS_CopyPastListEntries.pdf
Print-ready PDF without JavaScript can be downloaded here: http://www.folionet.fr/galilee/Arnaud/PERM_VOYAGES_PLV_GAMME_AFRICAN_COLORS_V1.pdf

Actual Behavior

The print-ready PDF file clearly has no JavaScript at all, and professional software like PitStop does not find any malicious JavaScript in the PDF file.
I think the streaming of the PDF is not good enough.
JavaScript can occur in a PDF when you have forms such as:
[screenshot, 2024-04-17 17:44:23]

Expected Behavior

The print-ready PDF should not show the warning, while the other PDF should.

@kingjia90 (Contributor)

I guess then there is a false positive due to this:

```php
if (str_contains($chunk, '/JS') || str_contains($chunk, '/JavaScript')) {
```

@abernardgalilee (Author)

Yes, sure, you are right.
But the algorithm is simply wrong. This is not what should be done in order to detect JavaScript in PDFs....

@kingjia90 (Contributor)

kingjia90 commented Apr 18, 2024

Yes, I believe there was no better solution for that at the time; in the beginning it was even intended to be "sanitizing" instead of just scanning (#14998 (comment)).
Maybe there are some better tools/ideas now.

It would probably make more sense to have it as a soft warning (like old-school Outlook) when the /JS is detected and not completely block it; in addition it should have a "Looks safe" button to proceed with the preview as usual, as the uploaded files should be from a trusted source or sanitized at origin.
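To make the false positive concrete, here is an added Python example (not Pimcore's code) that contrasts the substring check quoted in this thread with a scan that only counts a real /JS or /JavaScript name token outside stream bodies, and reports which objects carry it so a soft warning could point at them. The sample bytes are constructed, and any byte-level scan, this one included, cannot see objects stored inside compressed object streams, so it reduces false positives rather than guaranteeing detection.

```python
import re

# Constructed sample bytes (not real PDFs, just enough structure for the scan).
# CLEAN_PDF: a font named /JSText-Regular and a stream whose bytes happen to contain
# "/JS" and "/JavaScript", which is exactly what a substring test trips over.
CLEAN_PDF = rb"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
3 0 obj << /Type /Font /Subtype /Type1 /BaseFont /JSText-Regular >> endobj
4 0 obj << /Type /XObject /Subtype /Image >>
stream
/JS xyz /JavaScript inside binary image data
endstream
endobj
"""
# JS_PDF: a document-open action whose value really is a JavaScript action.
JS_PDF = rb"""%PDF-1.4
1 0 obj << /Type /Catalog /OpenAction 5 0 R >> endobj
5 0 obj << /Type /Action /S /JavaScript /JS (app.alert\(1\)) >> endobj
"""

# A PDF name token ends at whitespace or a delimiter (PDF 32000-1, section 7.2.2),
# so "/JS" only counts when the next byte is one of those, not a letter as in /JSText.
_NAME_END = rb"(?=[\s()<>\[\]{}/%]|$)"
_JS_NAME = re.compile(rb"/(?:JS|JavaScript)" + _NAME_END)
_STREAM = re.compile(rb"\bstream\r?\n.*?endstream", re.DOTALL)
_OBJ = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)

def naive_scan(data: bytes) -> bool:
    """Same idea as str_contains($chunk, '/JS') || str_contains($chunk, '/JavaScript')."""
    return b"/JS" in data or b"/JavaScript" in data

def strip_streams(data: bytes) -> bytes:
    """Blank out stream bodies (images, fonts, compressed data) so their bytes cannot match."""
    return _STREAM.sub(b"stream\nendstream", data)

def pdf_has_javascript(data: bytes) -> bool:
    """True only when a /JS or /JavaScript name token occurs in dictionary data."""
    return _JS_NAME.search(strip_streams(data)) is not None

def find_javascript_objects(data: bytes) -> list[int]:
    """Object numbers carrying the JavaScript name, usable for a reviewable soft warning."""
    stripped = strip_streams(data)
    return [int(m.group(1)) for m in _OBJ.finditer(stripped) if _JS_NAME.search(m.group(2))]

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_PDF), ("js", JS_PDF)):
        print(label, "naive:", naive_scan(doc), "token:", pdf_has_javascript(doc),
              "objects:", find_javascript_objects(doc))
```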
