WTF ... Mozilla had always running JavaScript inside PDFs disabled by default.

But now with FF 88 this option is ENABLED by default. Which means, if a PDF file contains JS it will run without any user interaction. What can possibly go wrong?

To disable this:

about:config
pdfjs.enableScripting --> false

# FF 78.10 ESR doesn't include this option and still blocks JS in PDFs by default. Just tested.

Seguir

@TFG

In the end a .pdf is like a .html nowadays. I do not think they are riskier than normal pages. They are still limited by the Javascript sandbox.

Regístrate para participar en la conversación
mastodon.la

Mastodon.la es una instancia generalista y ligeramente moderada. Bienvenidos todos los temas con buena onda, respeto y sin desnudos innecesarios :). Castellano/Español y otros lenguages bienvenidos. / Mastodon.la is a generalist instance lightly moderated. All opinions are welcome. Be cool, respectful and leave your clothes on if possible :) Spanish preferred but all languages are welcome.