Toggle/Resize PDF Embeds
|
Sep. 23, 2009, 05:37 PM
(This post was last modified: Sep. 23, 2009 05:42 PM by ProxRocks.)
Post: #1
|
|||
|
|||
Toggle/Resize PDF Embeds
this filter will only work if you are already using z12's "Toggle Flash Resize"...
it basically BLOCKS embedded PDFs until you-the-user toggles it "on" (i got fed up with a particular SSL site changing their d@mn license agreement every week or so and since i do NOT allow scripts within .pdf's, the embedded license agreement would throw up a 'do you wish to allow scripts' dialog)... with this, i do NOT need to download the NEVER-READ-ANYWAY license agreement and just click the "I Agree" button (or toggle and read) and proceed on my merry way... Code: Name = "<embed>: Toggle PDFs [add]" |
|||
Sep. 26, 2009, 09:32 PM
(This post was last modified: Sep. 26, 2009 09:33 PM by Graycode.)
Post: #2
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
(Sep. 23, 2009 05:37 PM)ProxRocks Wrote: ... and since i do NOT allow scripts within .pdf's, the embedded license agreement would throw up a 'do you wish to allow scripts' dialog)... Can Proxo modify the data content of PDF files, even with 'application/pdf' or other non-text Content-Type? The reason I ask that is I've been nailing JavaScript from PDF using my proxy. When I change all its content '/JavaScript' into '/NotaScript' then *poof* the PDF scripting is disabled. Got the idea from: http://answers.google.com/answers/thread...59827.html |
|||
Sep. 27, 2009, 02:20 AM
Post: #3
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
(Sep. 26, 2009 09:32 PM)Graycode Wrote: Can Proxo modify the data content of PDF files, even with 'application/pdf' or other non-text Content-Type? (Sep. 26, 2009 09:32 PM)Graycode Wrote: change all its content '/JavaScript' into '/NotaScript' Code: [HTTP headers] provided with no warranties of any kind, express or implied, including but not limited to... Have fun |
|||
Sep. 27, 2009, 12:43 PM
(This post was last modified: Sep. 27, 2009 12:49 PM by ProxRocks.)
Post: #4
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
i still got the (d@mn) "This document contains JavaScripts" error dialog with the filters as posted...
However, changing the [Patterns] filter to as below solved the nuisance for me - no error dialog at all, none, naughta... Code: Name = "Disable PDF scripting {JJoe} (modified)" AWESOME! edit: byte limit dropped down to 3... |
|||
Sep. 27, 2009, 05:00 PM
Post: #5
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
I wonder if "/JS" is a little too little.
Inside http://www.documents.dgs.ca.gov/osp/pdf/std020.pdf I see '/' followed by 'a-z' in what may be unrelated data. Just '/js' may get more than the scripts. Code: 247 0 obj<</S/JavaScript/JS(µiK17„$n\)\)ÈÐFx3.vìžÀ)>> I think I've seen 'obj' followed by a line return. How about Code: [HTTP headers] BTW, I'm using 'HTML Debug info' to look inside the pdf. Hmmm... Would be nice to get shonen in there Code: [HTTP headers] HTH |
|||
Sep. 27, 2009, 07:37 PM
Post: #6
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
(Sep. 27, 2009 05:00 PM)JJoe Wrote: How about using debug-info here also, kinda cool to "see" something other than html code, lol... the above is working for me... (didn't try the Shonen...) |
|||
Sep. 28, 2009, 06:49 AM
Post: #7
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
I applaud what you're doing to control undesirable aspects of certain PDF.
I've been just nailing the '/JavaScript' portion for PDF that comes from untrusted places, which seemed to kill their imbedded scripts from running. I hadn't realized that the '/JS' might also need to be hit in order to keep the reader from prompting though. |
|||
Sep. 28, 2009, 12:54 PM
Post: #8
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
i've only tested the prompting in Adobe Reader 9.1.3 (due to "office politics", i'm kinda stuck with it [though i honestly don't mind, i'm not a fan of Foxit et alia])...
although, i'm using a LITE version that i download the 'official' installer from Adobe, tweak the living crap out of it, then install without all of the useless Adobe BLOAT... another option is a proggy called "Adobe Reader SpeedUp" - but in that i've learned how to "edit" the installer myself, i've since abandoned AR SpeedUp and don't even know if it still works with the latest AR... |
|||
Oct. 04, 2009, 05:59 AM
Post: #9
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
Can PDF viewers run Javascript? I read .pdf files with a helper application. What would the script be doing in a PDF reader?
|
|||
Oct. 04, 2009, 06:36 AM
Post: #10
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
(Oct. 04, 2009 05:59 AM)Siamesecat Wrote: Can PDF viewers run Javascript? I read .pdf files with a helper application.I think most PDF viewers include the scripting ability. Quote:What would the script be doing in a PDF reader?Sometimes very simple things. Some of those from the IRS auto-format numbers you enter into their PDF forms. But they can also do malicious things. Scripting in PDF has unfortunately become a vector for malware injection. http://isc.sans.org/diary.html?storyid=6445 My personal view is that scripting doesn't belong in PDF. But it's there and that can't be ignored. I feel it's safer to kill off or otherwise disable PDF scripts, even if doing so might eliminate something potentially useful like pretty-number formatting for the IRS. |
|||
Oct. 04, 2009, 01:35 PM
Post: #11
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
it honestly never ceases to amaze me how so many people think "javascript" is a 'good thing'...
it's almost like the only way people start to "distrust" things anymore these days is if the entity contains the word "Microsoft" before it... if it were called "MS JavaScript", you know dang well that more people would be blocking it in their browsers by default and they'd be aware of its presence in .pdf files... |
|||
Oct. 12, 2009, 12:29 PM
(This post was last modified: Oct. 12, 2009 12:39 PM by defconnect.)
Post: #12
|
|||
|
|||
RE: Toggle/Resize PDF Embeds
The potential danger of embedded JavaScripts in PDFs has been proved once again: http://blog.trendmicro.com/new-adobe-zero-day-exploit/
Acrobat JavaScript is by default enabled in Adobe Acrobat/Reader. Adobe has been made aware of the problem and expects to release an update tomorrow: http://www.adobe.com/support/security/bu...09-15.html |
|||
« Next Oldest | Next Newest »
|