0 Replies Latest reply on Feb 10, 2016 1:04 PM by DamonDude

    Security Issue: JavaScript evaluated when generating a PDF from .htm/.html file

    DamonDude Level 1

      Hello there,

      We have a large-scale Enterprise installation of LiveCycle 3.2 and we are trying to absolve a PEN test security issue in LiveCycle.

      Basically, if you feed a .htm or .html file into LiveCycle into the PDF generator, the JavaScript in that .htm/.html file gets evaluated. I know that with EAS 3.2, .htm/.html files are rendered using a slightly modified version of WebKit 2.0, for which there are no options to turn off the evaluation of JavaScript, nor is it supported with WebKit 2.0 (if I remember right). WebKit 3.0 does support turning off JavaScript evaluation.

      How can we turn off the JavaScript evaluation of .htm/.html files in the PDF generator, or can we override the mapping of .htm/.html files to a different HTML renderer that we have configured to our liking?

      Thanks for any options!

      Damon
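
A compensating control for the behaviour described in the post, added here as an example (it is not from the original post and is not an Adobe LiveCycle setting): screen each .htm/.html file for script-bearing constructs before it is submitted to the PDF generator, and reject any file with findings. The function name `scan_html`, the tag and scheme lists, and both sample documents are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed policy lists (assumptions; tune to local policy).
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

class ActiveContentScanner(HTMLParser):
    """Collects every construct that could make a renderer execute script."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            # Renderers ignore whitespace and control characters inside a scheme;
            # the parser has already decoded character references in the value.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append((line, f"event handler {name}"))
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append((line, f"script URL in {name}"))
            elif tag == "meta" and name == "http-equiv" and compact == "refresh":
                self.findings.append((line, "meta refresh"))

    # Self-closing tags such as <script/> go through the same checks.
    handle_startendtag = handle_starttag

def scan_html(text):
    """Return a list of (line, reason); an empty list means nothing was flagged."""
    scanner = ActiveContentScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

# Constructed sample inputs, not taken from any real submission.
SAMPLE_ACTIVE = """<html><body>
<h1 onload="init()">Report</h1>
<a href="jav&#x61;script:void(0)">link</a>
<script>document.title = 'x';</script>
</body></html>"""
SAMPLE_CLEAN = '<html><body><p class="one">Invoice <b>42</b></p></body></html>'

if __name__ == "__main__":
    for line, reason in scan_html(SAMPLE_ACTIVE):
        print(f"line {line}: {reason}")
```

Rejecting a file on any finding is safer than trying to strip the constructs, because a hand-written stripper can disagree with how the renderer parses the same markup.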