|
Message-ID: <20180906162109.GB19583@takahe.colorado.edu> Date: Thu, 6 Sep 2018 10:21:09 -0600 From: Leonid Isaev <leonid.isaev@...a.colorado.edu> To: oss-security@...ts.openwall.com Subject: Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? On Thu, Sep 06, 2018 at 03:17:25PM +0200, Jakub Wilk wrote: > * Leonid Isaev <leonid.isaev@...a.colorado.edu>, 2018-09-05, 17:32: > > pdf files can contains things like javascript... > > Do any open-source PDF browsers actually execute embedded JS? Currently, evince, okular and gv don't. The same goes for zathura with its poppler backend (haven't checked this, but pretty sure). But then there is also Artifex Mupdf which, AFAIR, supports JS in pdf files (by extension, so does zathura when viewing a pdf file using the mupdf plugin). I don't know how complete that support is. Most importantly, many Android pdf/ebook readers probably include JS support. CHeers, L. -- Leonid Isaev
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.