Warning: Yellow Bar of Death

Hi,

Just in with a client and working through some solutions. Showed them a dynamic form that has previously worked; however, this time when I clicked the button, I got a BIG YELLOW BAR informing me that JavaScript was turned off due to a potential security risk AND a dialogue window nicely informing me that my script had failed!!!!

2010-02-22 Increased Security.png

Even when I clicked "trust form", the script still fails to function (although without the warning). I am too depressed to go through and check other forms. Although a quick check seems to indicate that JavaScript within a form will continue to work OK. This is just a warning to check your forms, that they will still function, especially those that make API calls.

I have seen this increasingly restrictive environment before, where modal dialogue was introduced for developers to exploit and then next thing it has a dire JavaScript warning plastered over it. I find that this does very little to inform the user:

2010-02-22 Javascript Warning.png

What is the user meant to do? "Warning: Javascript Window". Most users are unsure! Again I can deal with this by way of instruction.

The yellow bar appears in Acrobat v 9.3.1, but probably in other versions as well.

Stefan Cameron's blog includes the following in relation to the "JavaScript Blacklist Framework":

"The Adobe Reader Blog has a recent post describing what’s new with these security updates. Amongst other things, there is now a JavaScript Blacklist Framework which “provides customers granular control over the execution of specific JavaScript API calls.”

There is also an 8.2 update to Acrobat/Reader which includes some of these features as well."

The following indicate that the blacklist affects some/all (?) API calls:

http://blogs.adobe.com/adobereader/2010/01/adobe_reader_and_acrobat_versi_1.html

http://kb2.adobe.com/cps/532/cpsid_53237.html

http://www.adobe.com/support/security/advisories/apsa09-07.html

Now, I appreciate that Adobe has to take steps to plug security gaps. However it is extremely frustrating when the tools available to develop dynamic solutions become so restrictive as to make the solution not viable.

The yellow bar is one problem. I can provide guidance/instruction to the user on how to deal with that. However the complicated/horror inducing/technical gibberish/dire warning that the script has failed will freak out most users. As well as discredit the developer.

I have yet to work out why the script did not work after I clicked "trust this form", but no doubt I am in the "hacker" category and will have to work up a different solution.

Following on from one of John Brinkman's blogs I have been looking at the return on investment of developing solutions in LC Designer. While I appreciate that Adobe's concerns are for the security of users, this latest step makes it harder to achieve a satisfactory ROI.

I had seen posts re the blacklist, but didn't think it would affect us - I was WRONG!!

Niall
