https://bugs.kde.org/show_bug.cgi?id=480191
Bug ID: 480191 Summary: Allow user to disable JavaScript support. Classification: Applications Product: okular Version: 22.12.3 Platform: Debian stable OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: PDF backend Assignee: okular-devel@kde.org Reporter: paul.mil...@desy.de Target Milestone: --- SUMMARY JavaScript support increases the attack surface should the Okular user be given a malicious PDF file. It would be helpful if Okular warned the user before executing any embedded JavaScript. Similarly, it would be helpful if the user could disable JavaScript support altogether, particularly when the PDF came from an untrusted source. STEPS TO REPRODUCE 1. Download example PDF from https://www.pdfscripting.com/public/FreeStuff/PDFSamples/JavaScriptClock.pdf 2. Open file with okular OBSERVED RESULT JavaScript code is executed without warning the user. Okular seems to provide no way to disable JavaScript. EXPECTED RESULT I would like to be warned before Okular starts executing JavaScript. I would also like to see a configuration option that allows the user to disable JavaScript support. -- You are receiving this mail because: You are the assignee for the bug.