As evidenced by the recent vulnerability found in pdf.js, arbitrary string execution in JS is always a potential danger, no matter how many precautions are taken to prevent arbitrary code execution.
This PR allows setting the isEvalSupported to false so this can be disabled while parsing the PDF.
Important note!
The default value in this PR is true (as is currently the case). Theoretically, it should be fine to set the default to false, as it appears isEvalSupported is only used for performance gains, but to be 100% sure that existing code doesn't break, this PR maintains the current behaviour. Feel free to change this.
As evidenced by the recent vulnerability found in pdf.js, arbitrary string execution in JS is always a potential danger, no matter how many precautions are taken to prevent arbitrary code execution.
This PR allows setting the
isEvalSupportedtofalseso this can be disabled while parsing the PDF.Important note!
The default value in this PR is
true(as is currently the case). Theoretically, it should be fine to set the default tofalse, as it appearsisEvalSupportedis only used for performance gains, but to be 100% sure that existing code doesn't break, this PR maintains the current behaviour. Feel free to change this.