Hello there,
We have a large scale Enterprise installation of Livecycle 3.2 and we are trying to absolve a PEN test security issue in livecycle.
Basically if you feed a .htm or .html file into livecycle into the PDF generator, the javascript in that .htm/.html file gets evaluated. I know that with EAS 3.2 .htm/.html files are rendered using a slightly modified version of WebKit 2.0 which there are no options to turn off the evaluation of javascript, nor is it supported with WebKit 2.0 (if I remember right). WebKit 3.0 does support turning off javascript evaluation.
How can we turn off the javascript evaluation of .htm/.html files in the PDF generator, or can we override the mapping of .htm/.html files to a different HTML renderer that we have configured to our liking?
Thanks for any options!
Damon
