[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Sep 2018 10:21:09 -0600
From: Leonid Isaev <leonid.isaev@...a.colorado.edu>
To: oss-security@...ts.openwall.com
Subject: Re: Re: More Ghostscript Issues: Should we disable PS
coders in policy.xml by default?
On Thu, Sep 06, 2018 at 03:17:25PM +0200, Jakub Wilk wrote:
> * Leonid Isaev <leonid.isaev@...a.colorado.edu>, 2018-09-05, 17:32:
> > pdf files can contains things like javascript...
>
> Do any open-source PDF browsers actually execute embedded JS?
Currently, evince, okular and gv don't. The same goes for zathura with its
poppler backend (haven't checked this, but pretty sure). But then there is also
Artifex Mupdf which, AFAIR, supports JS in pdf files (by extension, so does
zathura when viewing a pdf file using the mupdf plugin). I don't know how
complete that support is. Most importantly, many Android pdf/ebook readers
probably include JS support.
CHeers,
L.
--
Leonid Isaev
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
