Bug 480191

Summary: Allow user to disable JavaScript support.
Product: [Applications] okular
Reporter: Paul Millar <paul.millar>
Component: PDF backend
Assignee: Okular developers <okular-devel>
Status: REPORTED ---
Severity: wishlist
CC: aacid, cecij72018, kubry
Priority: NOR
Version First Reported In: 22.12.3
Target Milestone: ---
Platform: Debian stable
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Paul Millar 2024-01-22 21:47:36 UTC
SUMMARY

JavaScript support increases the attack surface should the Okular user be given a malicious PDF file.

It would be helpful if Okular warned the user before executing any embedded JavaScript.

Similarly, it would be helpful if the user could disable JavaScript support altogether, particularly when the PDF came from an untrusted source.

STEPS TO REPRODUCE
1. Download example PDF from https://www.pdfscripting.com/public/FreeStuff/PDFSamples/JavaScriptClock.pdf
2. Open file with okular

OBSERVED RESULT

JavaScript code is executed without warning the user.  Okular seems to provide no way to disable JavaScript.

EXPECTED RESULT

I would like to be warned before Okular starts executing JavaScript.

I would also like to see a configuration option that allows the user to disable JavaScript support.

Comment 1 KDE User 2025-07-26 04:23:08 UTC
+1 for a checkbox to disable JS in the settings. Other document readers like Evince and GNOME Papers don't support JavaScript for PDFs for security reasons. Most malicious PDF documents contain JavaScript. As corporate environments have to check PDF attachments a lot, an option to disable JavaScript would improve security and reliability in a corporate environment, as well as for any user who prefers to disable JavaScript.

It could also improve performance for some PDFs, not to mention the positive effect it could have on the environment for not running JS and wasting CPU cycles for a PDF, which could very likely be a malicious file. Most people use PDFs to view formatted texts and images (media), and are unaware of scripts running behind the scenes. So, an option to disable JS in PDFs is a very useful, and in my opinion, a must-have feature.

I would be very grateful if such a feature exists, as a user who deals with hundreds of PDFs. Thank you, hope to catch the Okular contributors' attention with this.

Comment 2 Albert Astals Cid 2025-07-28 14:50:58 UTC
> Other document readers like Evince and GNOME Papers don't support JavaScript for PDFs for security reasons.

Not true

> Most malicious PDF documents contain JavaScript.

Not true

> It could also improve performance for some PDFs, not to mention the positive effect it could have on the environment for not running JS and wasting CPU cycles for a PDF, which could very likely be a malicious file

Not true

Comment 3 KDE User 2025-08-14 12:01:01 UTC
(In reply to Albert Astals Cid from comment #2)
> > Other document readers like Evince and GNOME Papers don't support JavaScript for PDFs for security reasons.
> 
> Not true
> 
> > Most malicious PDF documents contain JavaScript.
> 
> Not true
> 
> > It could also improve performance for some PDFs, not to mention the positive effect it could have on the environment for not running JS and wasting CPU cycles for a PDF, which could very likely be a malicious file
> 
> Not true

I apologize for having the wrong ideas or phrasing them poorly. I will make sure to look up more reliable information in the future and not trust Reddit, before requesting feature requests. I appreciate your constructive criticisms, Albert. The reason why I thought about disabling JavaScript was this website: https://gnupg.com/gnupg-desktop.html#okular. They said they disable scripting in Okular to harden it. I trust GnuPG. After researching and reading some Reddit posts I thought disabling scripting might make me more secure as I don't deal with JS but I certainly deal with hundreds of PDFs monthly, many of which come from untrustworthy sources. Thank you for your understanding. This bug report may remain open if anyone has any constructive argument to support this feature, otherwise it may be closed.
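
Until a viewer offers the warning or switch requested in this report, a file can be checked for script-bearing names before it is opened. The following is an added example, not part of the thread and not Okular code: a heuristic scan whose function names, name list and sample bytes are all constructed for illustration.

```python
import re
import zlib

# Names that hold a script (/JS, /JavaScript) or fire an action without a
# click (/OpenAction, /AA). This choice of names is an assumption of the example.
SCRIPT_NAMES = {"JS", "JavaScript", "OpenAction", "AA"}
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so /J#61vaScript is read as JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def script_names(data: bytes) -> dict:
    """Count script-related names outside streams and inside each stream."""
    chunks = [STREAM_RE.sub(b"", data)]
    for m in STREAM_RE.finditer(data):
        body = m.group(1)
        try:
            # Object streams can hide whole dictionaries behind Flate.
            chunks.append(zlib.decompressobj().decompress(body))
        except zlib.error:
            chunks.append(body)  # not Flate: scan the bytes as stored
    counts = {}
    for chunk in chunks:
        for m in NAME_RE.finditer(chunk):
            name = decode_name(m.group(1))
            if name in SCRIPT_NAMES:
                counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample: a fragment of PDF syntax, not a complete document.
_hidden = zlib.compress(b"<< /S /J#61vaScript /JS (var t = 1;) >>")
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Length " + str(len(_hidden)).encode() + b" >>\n"
          b"stream\n" + _hidden + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    print(script_names(SAMPLE))
```

A hit means the file deserves a closer look, not that it is malicious, and a clean result is not proof of absence: encrypted documents and streams using filters other than Flate are not decoded here.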