PDFsharp & MigraDoc Foundation

PDFsharp - A .NET library for processing PDF & MigraDoc Foundation - Creating documents on the fly
Posted: Thu Sep 12, 2024 3:43 am
Hi, I have a case where I need to detect whether there is JavaScript embedded in a PDF file in .NET 8. I'm using PDFsharp version 6.2.0 preview 1.

Is it possible? Or is there any documentation that can be used for checking for embedded JavaScript in a PDF file?


Posted: Thu Sep 12, 2024 8:32 am
We don't have a sample yet.

There are quite a few places where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made.

Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you.

_________________
Regards
Thomas Hoevel
PDFsharp Team


Posted: Thu Sep 12, 2024 9:03 am
Thomas Hoevel wrote:
We don't have a sample yet.

There are quite a few places where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made.

Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you.


Well, I'm trying to close a stored XSS vulnerability in a PDF file, which is why I need to detect and reject any PDF file that has JavaScript embedded.

Here's one example of the stored XSS:
Code:
%PDF-1.7
1 0 obj
<</Type /Catalog /Pages 2 0 R /OpenAction 3 0 R>>
endobj

2 0 obj
<</Type /Pages /Kids [4 0 R] /Count 1>>
endobj

3 0 obj
<</Type /Action /S /JavaScript /JS (
var user = app.response({
cQuestion: 'Enter your username',
cTitle: 'Login Required',
bPassword: false,
cLabel: 'Username:'
});
var pass = app.response({
cQuestion: 'Enter your password',
cTitle: 'Login Required',
bPassword: true,
cLabel: 'Password:'
});
var userEncoded = encodeURIComponent(user);
var passEncoded = encodeURIComponent(pass);
//var sendData = 'user' + encodeURIComponent(user) + '&pass' + encodeURIComponent(pass);
//this.submitForm({
// cURL: server + '?' + sendData,
//cSubmitAs: 'HTML'
//});
)>
endobj

4 0 obj
<</Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]>>
endobj

trailer
<</Root 1 0 R>>
%%EOF
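
One way to make the many checks mentioned in the replies in a single pass: rather than testing each trigger (/OpenAction, /AA, annotations, form fields), enumerate every object in the file and flag the JavaScript markers themselves. This is an added example, not part of the thread and not PDFsharp sample code; it assumes the PDFsharp 6.x package, and the class name PdfJavaScriptCheck is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using PdfSharp.Pdf;
using PdfSharp.Pdf.IO;

// Added example (not PDFsharp project code); PdfJavaScriptCheck is a hypothetical name.
public static class PdfJavaScriptCheck
{
    // Returns one finding per JavaScript marker; an empty list means none was found.
    public static List<string> Scan(string path)
    {
        var findings = new List<string>();
        using PdfDocument doc = PdfReader.Open(path, PdfDocumentOpenMode.Import);
        PdfObject[] objects = doc.Internals.GetAllObjects();
        for (int i = 0; i < objects.Length; i++)
            Walk(objects[i], $"object[{i}]", findings);
        return findings;
    }

    // Walks inline children only. References are not followed: GetAllObjects()
    // already returns each indirect object once, so cycles cannot occur.
    private static void Walk(PdfItem? item, string where, List<string> findings)
    {
        if (item is PdfDictionary dict)
            foreach (var entry in dict.Elements)
            {
                if (entry.Key == "/JS")
                    findings.Add($"{where}: /JS entry (script source of an action)");
                else if (entry.Key == "/JavaScript")
                    findings.Add($"{where}: /JavaScript name tree (document-level scripts)");
                else if (entry.Key == "/S" && entry.Value is PdfName { Value: "/JavaScript" })
                    findings.Add($"{where}: action of type /S /JavaScript");
                Walk(entry.Value, where + entry.Key, findings);
            }
        else if (item is PdfArray array)
            foreach (var child in array.Elements)
                Walk(child, where + "[]", findings);
    }

    // Exit code 0 = accept, 1 = reject. An unhandled parse exception also exits non-zero.
    public static int Main(string[] args)
    {
        List<string> findings = Scan(args[0]);
        findings.ForEach(Console.WriteLine);
        return findings.Count == 0 ? 0 : 1;
    }
}
```

Treat a file that PDFsharp cannot open as rejected as well, since malformed or encrypted input cannot be inspected.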

