allowing pdf.js only

Bug reports and enhancement requests
Post Reply
demoy
Posts: 2
Joined: Fri May 11, 2012 10:04 pm

allowing pdf.js only

Post by demoy » Fri May 11, 2012 10:37 pm

I have been using noscript along side pdf.js [mozilla project - i think their calling it call pdf viewer now] and i constantly need to allow All scripts from a webpage to render pdf, so could future versions allow pdf.js execute while other scripts are disabled.

The extension [pdf.js] is located at https://addons.mozilla.org/en-US/firefox/addon/pdfjs/?src=userprofile.
thanks.
Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/15.0 Firefox/15.0a1

User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: allowing pdf.js only

Post by GµårÐïåñ » Fri May 11, 2012 11:10 pm

I found that allowing pdf.js that appears on the NS menu, or more specifically the resource://pdf.js as well as blob: was sufficient to get the thing to work. As for needing to allow the path, once I temporary allowed JUST the domain-path of the PDF file itself, it worked just fine, without having to do anything else. So not sure what issue you are having here.

Keep in mind PDF.js is a script file, so its treated as such. Which means that it is subject to the same restrictions and requirements as any other script that NS handles. I think the failure here is that they are releasing a raw script file as an addon when in fact if they incorporated it properly into an actual chrome architecture, this issue would be for all intents and purposes moot. So its about poor implementation than anything else.

Now Giorgio can hack a special arrangement for this particular item, but the fact is that there is no vouching or knowing for sure that it will always be benign or a trustworthy resource that cannot be exploited like anything else as an attack vector. So to weaken NS by allowing this special circumstance would be something that I think is not really our, specifically the NS developer, Giorgio's, responsibility but rather as a late comer to the party, THEY should make every effort to make it seamless rather than require compromise from everyone else. Just saying.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0

demoy
Posts: 2
Joined: Fri May 11, 2012 10:04 pm

Re: allowing pdf.js only

Post by demoy » Fri May 11, 2012 11:46 pm

fair point, thanks
Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/15.0 Firefox/15.0a1

dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: allowing pdf.js only

Post by dhouwn » Wed Aug 29, 2012 6:07 pm

Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/17.0 Firefox/17.0

tlu
Senior Member
Posts: 129
Joined: Fri Jun 05, 2009 8:01 pm

Re: allowing pdf.js only

Post by tlu » Thu Aug 30, 2012 11:24 am

GµårÐïåñ wrote:I found that allowing pdf.js that appears on the NS menu, or more specifically the resource://pdf.js as well as blob: was sufficient to get the thing to work.


Hm, I tried that but didn't succeed with NS 2.5.3rc4 and FF 16 :( Is there anything else to consider or has something changed in the meantime?



Ah - I see. Should be https://github.com/mozilla/pdf.js/pull/1943
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20120827 Firefox/16.0

User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: allowing pdf.js only

Post by GµårÐïåñ » Tue Sep 04, 2012 10:36 pm

Not that I am aware of. I just tried before posting this with a random PDF (http://samplepdf.com/sample.pdf) and without even allowing the domain and just the script and blob allowed, it showed up, didn't even have to allow samplepdf.com
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0

tlu
Senior Member
Posts: 129
Joined: Fri Jun 05, 2009 8:01 pm

Re: allowing pdf.js only

Post by tlu » Wed Sep 05, 2012 11:44 am

GµårÐïåñ wrote:Not that I am aware of. I just tried before posting this with a random PDF (http://samplepdf.com/sample.pdf) and without even allowing the domain and just the script and blob allowed, it showed up, didn't even have to allow samplepdf.com


Okay, thanks. I just noticed that it works with FF 17 as mentioned by dhouwn.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/17.0 Firefox/17.0

User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: allowing pdf.js only

Post by GµårÐïåñ » Sat Sep 08, 2012 7:01 pm

No problem 8-)
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1

Post Reply