I am putting together a system that automatically generates some tax forms off of user input. The original PDFs are provided by the IRS, I will just be plugging user input into relevant fields.
PDF is a large file format that I don't fully understand. I've been surprised before by some of the things it is capable. So that got me thinking, is there any sanitation I need to perform to the user input before generating the PDF? Or any special cases I should keep in mind when filling in forms with arbitrary strings from an untrusted source. Thanks in advance!
