intbot / ng2-pdfjs-viewer

An angular component for PDFJS and ViewerJS (Supports all versions of angular)
Apache License 2.0

Possible JavaScript injection #220

Open MerlijnvdBerg opened 1 year ago

MerlijnvdBerg commented 1 year ago

PDF actions can contain JavaScript which is then run on load.

Angular: 14.1.1 ng2-pdfjs-viewer: 14.0

<<
/Type /Action
/S /JavaScript
/JS (this.print\({bUI:true,bSilent:false,bShrinkToFit:true}\);)
>>

I cannot share the PDF due to confidential information, but it contains the above action.
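A pre-render check for the action type reported above, as an added example that is not part of the original issue or of ng2-pdfjs-viewer: it scans raw PDF bytes for script-action names, including `#xx`-escaped spellings, so an application can reject or flag a file before handing it to the viewer. The function names, the Node.js runtime and the sample inputs are assumptions, and the scan goes beyond the reported dictionary by also reporting the /OpenAction and /AA trigger names.

```javascript
// Added example: pre-render check for PDF script actions (not project code).
// Limitation (assumption): only inspects uncompressed objects; dictionaries
// packed into compressed object streams (/ObjStm) need a real PDF parser.

// PDF names may hide characters as #xx hex escapes, e.g. /J#61vaScript.
function decodePdfName(raw) {
  return raw.replace(/#([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Names that introduce or trigger script actions in a PDF.
const SCRIPT_NAMES = new Set(['JavaScript', 'JS']);
const TRIGGER_NAMES = new Set(['OpenAction', 'AA']);

function scanPdfForScripts(bytes) {
  // latin1 keeps a 1:1 byte-to-char mapping, so binary streams decode safely.
  const text = Buffer.from(bytes).toString('latin1');
  const found = { script: new Set(), trigger: new Set(), objStm: false };
  // A name is "/" followed by characters other than whitespace or delimiters.
  const nameRe = /\/([^\s\/\[\]<>(){}%]+)/g;
  let m;
  while ((m = nameRe.exec(text)) !== null) {
    const name = decodePdfName(m[1]);
    if (SCRIPT_NAMES.has(name)) found.script.add(name);
    else if (TRIGGER_NAMES.has(name)) found.trigger.add(name);
    else if (name === 'ObjStm') found.objStm = true;
  }
  return {
    hasScript: found.script.size > 0,
    scriptNames: [...found.script].sort(),
    triggers: [...found.trigger].sort(),
    // Compressed object streams could hide actions from this scan.
    inconclusive: found.objStm,
  };
}

// Constructed samples: the action dictionary from the report, an
// obfuscated-name variant, and a benign page object.
const reported = '<<\n/Type /Action\n/S /JavaScript\n' +
  '/JS (this.print\\({bUI:true,bSilent:false,bShrinkToFit:true}\\);)\n>>';
const obfuscated = '<< /OpenAction << /S /J#61vaScript /JS (x) >> >>';
const benign = '<< /Type /Page /MediaBox [0 0 612 792] >>';

console.log(scanPdfForScripts(reported));
console.log(scanPdfForScripts(obfuscated));
console.log(scanPdfForScripts(benign));
```

Because the scan also matches names that happen to appear inside strings or stream data, it can over-report; treat a hit or an `inconclusive` result as a reason to reject or review the file rather than as proof of a script.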

codehippie1 commented 1 month ago

@MerlijnvdBerg I will look into this.