JavaScript not working properly in pdfium
Reported by
kidronar...@gmail.com,
Jun 13 2017
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. Open the attached file
2.
3.

What is the expected behavior?
I have a ComboBox with a default value. When the document is opened, a JS script is run in order to initialize its value to something else (taken from the values of other fields). It's using the clearItems() and insertItemAt() methods.

What went wrong?
The value of the ComboBox is unchanged. Apparently these methods do nothing. It's working in Acrobat.

Did this work before? No

Chrome version: 58.0.3029.110 Channel: n/a
OS Version: 10.0
Flash Version:
,
Jun 13 2017
We can take the bug here, since the bug occurs with Chrome's PDF Viewer. Though we may need to fix some bits in PDFium.
,
Jun 17 2017
The JS methods are implemented in Field::clearItems() and Field::insertItemAt() in PDFium's fpdfsdk/javascript/Field.cpp. Both of those methods get called by the JS engine, so that's good at least. However, both methods do nothing. I believe they used to work many years ago, but our security team noticed JavaScript inside PDFs can be used to trigger security issues if the JS handlers are not implemented carefully. So someone made a decision to be safe rather than sorry, and deleted the functionality of many JS methods that can modify the document. So now, we get to revisit these methods and re-implement them safely.
,
Jul 3 2017
Is there an estimation how long will it take? I don't mean to rush anyone. I just need to plan my schedule.
,
Jul 4 2017
We do not have an estimate for when this will be completed. It may be a while before we get around to working on this.
,
Jul 7 2017
Were all the methods that affect Form Fields disabled, or were some left to work? Is there a list of the working methods (or any other methods that can change the document's content)? If there's some other way to change the content, I might be able to use it instead. And thanks for all your help.
,
Jul 7 2017
Many still work. I don't have an exact list, but you can look at the source code if interested. In general, methods that read data are fairly safe and still work. A developer deleted some of the methods that write data, since they prioritized security over functionality. https://pdfium.googlesource.com/pdfium.git/+/c3d3bb2a036bc26ad1b3c7c5f03ce11f41529b33/fpdfsdk/javascript/Field.cpp
,
Jul 9
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 12
+tsepez to help evaluate this. FWIW, clearItems() and deleteItemAt() used to work a long time ago, say with Chrome 33. They are a bit of a security nightmare in the implementation, due to modifications being able to trigger more JS callbacks, which can loop around and delete the object that just got modified. e.g. With bug 341063. (Not publicly viewable, sorry.) Not saying this is infeasible. Just that it is difficult to get right.
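The re-entrancy hazard described in the comment above (a modification triggers a callback that deletes the object just modified), shown as an added example that is not PDFium code and not part of the original thread. `Field`, `Form`, `on_change` and `InsertItemAt` are hypothetical names in a simplified model, and the weak-reference re-check is one common defensive pattern, assumed here for illustration.

```cpp
#include <cstddef>
#include <functional>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Hypothetical model, not PDFium code. A form owns its fields, and each
// mutation fires on_change, which stands in for a document JS callback.
struct Field {
  std::vector<std::string> items;
};
struct Form {
  std::map<std::string, std::shared_ptr<Field>> fields;
  std::function<void(Form&, const std::string&)> on_change;
};
enum class Result { kOk, kNoSuchField, kFieldDestroyedByCallback };

// Inserts an item, runs the handler, then reports the item at that index.
// The handler may erase the field, so the field is tracked through a
// weak_ptr and re-checked afterwards. Keeping a raw Field* or a map
// iterator across on_change() would be a use-after-free in that case.
Result InsertItemAt(Form& form, const std::string& name, std::size_t index,
                    const std::string& item, std::string* selected) {
  auto it = form.fields.find(name);
  if (it == form.fields.end()) return Result::kNoSuchField;
  std::weak_ptr<Field> observed = it->second;
  {
    std::vector<std::string>& items = it->second->items;
    if (index > items.size()) index = items.size();  // clamp to append
    items.insert(items.begin() + index, item);
  }  // nothing that points into the field is used past this line
  if (form.on_change) form.on_change(form, name);  // may re-enter and erase
  std::shared_ptr<Field> alive = observed.lock();
  if (!alive) return Result::kFieldDestroyedByCallback;
  // The handler may also have shrunk the list, so re-validate the index.
  *selected = index < alive->items.size() ? alive->items[index] : std::string();
  return Result::kOk;
}

int main() {
  Form form;
  form.fields["combo"] = std::make_shared<Field>();
  form.on_change = [](Form& f, const std::string& n) { f.fields.erase(n); };
  std::string selected;
  Result r = InsertItemAt(form, "combo", 0, "first", &selected);
  return r == Result::kFieldDestroyedByCallback ? 0 : 1;
}
```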
,
Jul 13
I think the issue still exists. That is, many JS methods still don't work. As for whether it's likely to be fixed, I really don't know... But, maybe there's a simple workaround (although you aren't going to like it). Why not scan the document for any JS method that isn't implemented, and if there is, simply call Adobe Acrobat (or whatever is Windows' default viewer) to view the document, as it won't be shown correctly in Chrome anyway.
Comment 1 Deleted