intbot/ng2-pdfjs-viewer

Posible javascript injection

MerlijnvdBerg opened this issue · 1 comments

PDF actions can contain javascript which is then run on load.

Angular: 14.1.1
ng2-pdfjs-viewer: 14.0

<<
/Type /Action
/S /JavaScript
/JS (this.print\({bUI:true,bSilent:false,bShrinkToFit:true}\);)
>>

I can not share the PDF due to confidential information. but it contains the above action.