Security Issue: javascript evaluated when generating a PDF from .htm/.html file

DamonDude

10-02-2016

Hello there,

We have a large scale Enterprise installation of Livecycle 3.2 and we are trying to absolve a PEN test security issue in livecycle.

Basically if you feed a .htm or .html file into livecycle into the PDF generator, the javascript in that .htm/.html file gets evaluated. I know that with EAS 3.2 .htm/.html files are rendered using a slightly modified version of WebKit 2.0 which there are no options to turn off the evaluation of javascript, nor is it supported with WebKit 2.0 (if I remember right). WebKit 3.0 does support turning off javascript evaluation.

How can we turn off the javascript evaluation of .htm/.html files in the PDF generator, or can we override the mapping of .htm/.html files to a different HTML renderer that we have configured to our liking?

Thanks for any options!

Damon

Accepted Solutions (0)

Answers (0)