PDFsharp & MigraDoc Foundation :: View topic - Question about Detecting javascript embedded in PDF

We don't have a sample yet.

There are quite a few place where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made.

Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you.

%PDF-1.7
1 0 obj
<</Type /Catalog /Pages 2 0 R /OpenAction 3 0 R>>
endobj

2 0 obj
<</Type /Pages /Kids [4 0 R] /Count 1>>
endobj

3 0 obj
<</Type /Action /S /JavaScript /JS (
var user = app.response({
cQuestion: 'Enter your username',
cTitle: 'Login Required',
bPassword: false,
cLabel: 'Username:'
});
var pass = app.response({
cQuestion: 'Enter your password',
cTitle: 'Login Required',
bPassword: true,
cLabel: 'Password:'
});
var userEncoded = encodeURIComponent(user);
var passEncoded = encodeURIComponent(pass);
//var sendData = 'user' + encodeURIComponent(user) + '&pass' + encodeURIComponent(pass);
//this.submitForm({
// cURL: server + '?' + sendData,
//cSubmitAs: 'HTML'
//});
)>
endobj

4 0 obj
<</Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]>>
endobj

trailer
<</Root 1 0 R>>
%%EOF

Author:	Hennessey322 [ Thu Sep 12, 2024 3:43 am ]
Post subject:	Question about Detecting javascript embedded in PDF
Hi, I have a case that need to Detect if there's a JavaScript embedded in a PDF File in .NET 8. And i'm using pdfsharp version 6.2.0 preview 1 is it possible ? or is there any documentation that used for checking embedded JavaScript in pdf file ?

Author:	Thomas Hoevel [ Thu Sep 12, 2024 8:32 am ]
Post subject:	Re: Question about Detecting javascript embedded in PDF
We don't have a sample yet. There are quite a few place where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made. Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you.

Author:	Hennessey322 [ Thu Sep 12, 2024 9:03 am ]
Post subject:	Re: Question about Detecting javascript embedded in PDF
Thomas Hoevel wrote: We don't have a sample yet. There are quite a few place where JavaScript actions can be used, so to detect any JavaScript code, a lot of checks must be made. Checks will be much easier if you can narrow down the list of JavaScript actions that matter for you. Well, i'm trying to close vulnerable from stored xss in a pdf file. which is why i need to detect and reject any pdf file that have javascript embedded. here's one of the stored xss example : Code: %PDF-1.7 1 0 obj <</Type /Catalog /Pages 2 0 R /OpenAction 3 0 R>> endobj 2 0 obj <</Type /Pages /Kids [4 0 R] /Count 1>> endobj 3 0 obj <</Type /Action /S /JavaScript /JS ( var user = app.response({ cQuestion: 'Enter your username', cTitle: 'Login Required', bPassword: false, cLabel: 'Username:' }); var pass = app.response({ cQuestion: 'Enter your password', cTitle: 'Login Required', bPassword: true, cLabel: 'Password:' }); var userEncoded = encodeURIComponent(user); var passEncoded = encodeURIComponent(pass); //var sendData = 'user' + encodeURIComponent(user) + '&pass' + encodeURIComponent(pass); //this.submitForm({ // cURL: server + '?' + sendData, //cSubmitAs: 'HTML' //}); )> endobj 4 0 obj <</Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]>> endobj trailer <</Root 1 0 R>> %%EOF

PDFsharp & MigraDoc Foundation http://forum.pdfsharp.de/

Question about Detecting javascript embedded in PDF http://forum.pdfsharp.de/viewtopic.php?f=2&t=4674	Page 1 of 1

Page 1 of 1	All times are UTC
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/