Support PDF launch actions

Issue description

PDFs can have launch actions, per section 8.5 in the PDF 1.7 spec. (Pages 659-661.) We should see if it is feasible to support them.
Sep 25 2017
Launch actions were the gateway for a big security hole back in 2010: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1240 Even with a confirmation dialog, one can get users to approve running commands that look harmless or use social engineering to convince them. I also cannot think of any reasonable applications for this feature, especially since we're usually looking at the PDF linked from a webpage, and not in a local filesystem. I would not implement launch actions.
Sep 25 2017
Yes, I was more looking at the code. I know it has security implications which is why I haven't seriously pushed for it. Do we at least want to make launch actions links, and tell users "sorry, actions are not supported" when clicked?
Sep 25 2017
+meacer for comments, since Chromium has ExternalProtocolHandler.
Sep 25 2017
I'm also slightly worried that Chrome can be the default PDF handler. That means it will handle local PDFs and will try to open external protocols while on a file:// scheme. Perhaps you could consider disabling launch actions based on the protocol?
Sep 26 2017
We'd definitely need to add a confirmation dialog that shows the user the command that will be run and talks about how this could be dangerous. The command can be made to look harmless. I really don't see much benefit in this, I don't think I've ever encountered a PDF with a launch action, nor can I think of a use case.
Sep 26 2017
Bug 617944 might be a legit use case.
Oct 4 2017
In the bug 617944 case, the launch action just points to another PDF file. Should we start with that use case, and just navigate to the PDF?
Oct 6 2017
How big do you think the effort to implement this use case is? Isn't that the same as opening any file type?
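
An added example, not part of the original thread or of Chromium/PDFium code: a triage script that finds launch actions in uncompressed PDF objects and applies one possible reading of the suggestions above (navigate only when the target is another PDF, refuse when the document itself was opened from file://). The `triage` policy, its return strings and the sample bytes are assumptions constructed for illustration.

```python
import re

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
LAUNCH_RE = re.compile(rb"/S\s*/Launch\b")
# /F with a literal-string value; annotation flags (/F 4) do not match.
F_RE = re.compile(rb"/F\s*\(((?:\\.|[^\\()])*)\)")
# /P (parameters) and /O (operation) strings belong to the /Win dictionary.
PARAM_RE = re.compile(rb"/[PO]\s*\(")
PLATFORM_RE = re.compile(rb"/(?:Win|Mac|Unix)\b")

# Constructed sample: two uncompressed objects, not a complete PDF file.
SAMPLE = (
    b"5 0 obj\n<< /Type /Action /S /Launch /F (chapter2.pdf) >>\nendobj\n"
    b"7 0 obj\n<< /S /Launch /Win << /F (app.exe) /P (constructed args) >> >>\nendobj\n"
)

def find_launch_actions(data):
    """Return one record per object that contains a /Launch action."""
    found = []
    for m in OBJ_RE.finditer(data):
        body = m.group(2)
        if not LAUNCH_RE.search(body):
            continue
        f = F_RE.search(body)
        found.append({
            "obj": int(m.group(1)),
            "target": f.group(1).decode("latin-1") if f else None,
            "has_params": bool(PARAM_RE.search(body)),
            "platform_dict": bool(PLATFORM_RE.search(body)),
        })
    return found

def triage(action, doc_scheme):
    """Hypothetical policy: navigate only for a plain PDF target from a web document."""
    if doc_scheme == "file":
        return "refuse: local document"
    if action["has_params"] or action["platform_dict"]:
        return "refuse: platform-specific launch"
    target = action["target"] or ""
    if target.lower().endswith(".pdf") and ":" not in target:
        return "navigate"
    return "refuse: target is not a relative PDF path"

if __name__ == "__main__":
    for a in find_launch_actions(SAMPLE):
        print(a["obj"], a["target"], "->", triage(a, "https"))
```

A byte scan like this only sees launch actions stored in uncompressed objects; actions inside compressed object streams need the streams decoded first.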
Comment 1 by hnakashima@chromium.org, Sep 20 2017