JPedal Support

The Ultimate Java PDF Library SDK

Download Trial Purchase

This topic contains 1 reply, has 2 voices, and was last updated by  Mark Stephens 2 months, 2 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #3706

    Jörg Florin

    Hi, we will use JPedal 7 as a PDF viewer in our Java Swing application and have discussed some security aspects regarding JavaScript in PDF files because we have to display PDF files we have received by email or uploaded to our web server.
    Are there possible security issues in JPedal’s JavaScript implementation or JPedal in general? If so, will you provide short-term security fixes if necessary like Adobe does?
    Kind regards,
    Jörg

    #3709

    Mark Stephens
    Keymaster

    My default, JPedal will only run the PDF defined JavaScript options to validate fields using its own Java code. It does this in Java – we spot the commands and run code to do the function. There is an option to use Rhino or Nashorn instead which you would need to explicitly turn on.

    All can all be switched off with disableJavascript=true;

    So there is no security issue in JPedal which you can exploit from JavaScript.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.