Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Security Issue: javascript evaluated when generating a PDF from .htm/.html file


Level 1

Hello there,

We have a large scale Enterprise installation of Livecycle 3.2 and we are trying to absolve a PEN test security issue in livecycle.

Basically if you feed a .htm or .html file into livecycle into the PDF generator, the javascript in that .htm/.html file gets evaluated. I know that with EAS 3.2 .htm/.html files are rendered using a slightly modified version of WebKit 2.0 which there are no options to turn off the evaluation of javascript, nor is it supported with WebKit 2.0 (if I remember right). WebKit 3.0 does support turning off javascript evaluation.

How can we turn off the javascript evaluation of .htm/.html files in the PDF generator, or can we override the mapping of .htm/.html files to a different HTML renderer that we have configured to our liking?

Thanks for any options!


0 Replies