Comments (4)
Thanks for reporting. The latest dev branch has already been modified to only use iframe (no object), I will look into adding the sandbox attribute.
from pdfobject.
Please note that sanitization, for the purpose of the library, should occur at a lower level when a file is read. The Sandbox attribute can help but is not the final solution to achieve sanitization. Unfortunately, I have to warn you that this task can be quite challenging to achieve due to the fact that there are no external libraries that seem to support the PDF sanitization process.
from pdfobject.
look into adding the sandbox attribute
In Chromium, at least, the PDF viewer is disabled completely in a sandboxed iframe. There is no workaround, nor afaik are there any plans to change this.
from pdfobject.
I've decided against adding sandbox for now, due to potential for breaking sites that use PDFObject. If a user wants to sandbox the iframe, the option is available via PDFObject's customAttribute
option.
Thanks
from pdfobject.
Related Issues (20)
- PDFObject Not Show and Only show Root File HOT 2
- Eraser HOT 1
- PDFObject save button option HOT 1
- Disabled download and print button HOT 1
- Use google docs PDF conversion for mobile devices? HOT 5
- [Documentation] Standalone examples of .html files + PDFObject? HOT 3
- Remove some buttons and only show one page at a time HOT 1
- Render html elements within "the full-browser embed" HOT 1
- Fails to load in IE11 HOT 8
- Is there a way to track button clicks? HOT 2
- Navigator.pdfViewerEnabled support? HOT 8
- PDFObject: Page option not working in Microsoft Edge HOT 2
- The problem occurred when using PDFObject in React: Page A embedded with duplicate Page A. HOT 3
- Cannot set properties of undefined HOT 1
- Prevent download pdf automatically HOT 1
- XSS in fallback link if url is controllable by attacker HOT 5
- base64 PDF how to set title? HOT 1
- Sign PDF with digital certificate HOT 1
- change default download file name HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pdfobject.