Giter Site home page Giter Site logo

Comments (10)

shamoon avatar shamoon commented on June 10, 2024 1

Yea, we ended up internalizing this package and upgrading pdfjs to 3.x but 4.x has so many breaking changes it'd be a lot of work to migrate. Hasn't been a meaningful update here for many months but you never know.

from ng2-pdf-viewer.

shamoon avatar shamoon commented on June 10, 2024 1

Yes, I believe so

from ng2-pdf-viewer.

shamoon avatar shamoon commented on June 10, 2024

This repo has been quiet for some time and pdfjs is pretty far behind now. Hoping the project does get revived but unclear. If moving to 4.x is not on the table, the workaround is to set the option isEvalSupported to false, thats our plan.

from ng2-pdf-viewer.

maximedupre avatar maximedupre commented on June 10, 2024

This repo has been quiet for some time and pdfjs is pretty far behind now. Hoping the project does get revived but unclear. If moving to 4.x is not on the table, the workaround is to set the option isEvalSupported to false, thats our plan.

That's a good workaround, although it will not resolve the Dependabot alert unless one chooses to dismiss the alert manually, which I suppose is a decent compromise, because I'm not sure this project will ever update 2 major versions to catch up with pdfjs 😅

from ng2-pdf-viewer.

Bscout2011 avatar Bscout2011 commented on June 10, 2024

I forked and pushed a commit, but there are build issues with pdfjs-dist. The pdfjs github repo does not contain any code related to PromiseWithResolvers or WeakKey.

./node_modules/pdfjs-dist/build/pdf.mjs - Error: Module parse failed: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)
File was processed with these loaders:
 * ./node_modules/@angular-devkit/build-angular/src/tools/babel/webpack-loader.js
 * ./node_modules/source-map-loader/dist/cjs.js
You may need an additional loader to handle the result of these loaders.
Error: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)

./node_modules/pdfjs-dist/web/pdf_viewer.mjs - Error: Module parse failed: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)
File was processed with these loaders:
 * ./node_modules/@angular-devkit/build-angular/src/tools/babel/webpack-loader.js
 * ./node_modules/source-map-loader/dist/cjs.js
You may need an additional loader to handle the result of these loaders.
Error: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)

Error: node_modules/pdfjs-dist/types/src/display/api.d.ts:686:23 - error TS2304: Cannot find name 'PromiseWithResolvers'.
686     _readyCapability: PromiseWithResolvers<any>;
                          ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/src/display/api.d.ts:738:18 - error TS2304: Cannot find name 'PromiseWithResolvers'.
738     _capability: PromiseWithResolvers<any>;
                     ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/src/display/api.d.ts:1381:23 - error TS2304: Cannot find name 'PromiseWithResolvers'.
1381     _readyCapability: PromiseWithResolvers<any>;
                           ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/src/display/text_layer.d.ts:101:18 - error TS2304: Cannot find name 'PromiseWithResolvers'.
101     _capability: PromiseWithResolvers<any>;
                     ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/web/pdf_find_controller.d.ts:105:27 - error TS2304: Cannot find name 'PromiseWithResolvers'.
105     _firstPageCapability: PromiseWithResolvers<any> | undefined;
                              ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/web/pdf_viewer.d.ts:296:27 - error TS2304: Cannot find name 'PromiseWithResolvers'.
296     _firstPageCapability: PromiseWithResolvers<any> | undefined;
                              ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/web/pdf_viewer.d.ts:297:33 - error TS2304: Cannot find name 'PromiseWithResolvers'.
297     _onePageRenderedCapability: PromiseWithResolvers<any> | undefined;
                                    ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/web/pdf_viewer.d.ts:298:23 - error TS2304: Cannot find name 'PromiseWithResolvers'.
298     _pagesCapability: PromiseWithResolvers<any> | undefined;
                          ~~~~~~~~~~~~~~~~~~~~

Error: node_modules/pdfjs-dist/types/web/text_layer_builder.d.ts:36:32 - error TS2304: Cannot find name 'WeakKey'.
36     textDivProperties: WeakMap<WeakKey, any>;
                                  ~~~~~~~
× Failed to compile.

Would you all know how to resolve the build issue?

from ng2-pdf-viewer.

shamoon avatar shamoon commented on June 10, 2024

Updating this project to pdfjs 4.x is going to require a lot more than just the changes in that commit to actually work, I think. Before 4 came out I opened a PR #1027 for 3.x but 4.x has lots of breaking changes. Unfortunately it seems this CVE patch is not going to be back-ported to 3.x (nor 2.x).

from ng2-pdf-viewer.

ftaffelt avatar ftaffelt commented on June 10, 2024

@shamoon saw your fix to mitigate the isEvalSupported in the paperless-ngx project. I'm not really sure, but i think setting the global property to false:
PDFJS['isEvalSupported'] = false
https://github.com/paperless-ngx/paperless-ngx/blob/ac666df4ceea92a12fa648e885094a3a1b65a730/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts#L38

does nothing, because there isn't a global property with this name. I think it once existed in a very, very old version of PDFJS.

Annother way to disable the evaluation of the JS code would be via the getDocument function, which supports configuration via the DocumentInitParameters object which in turn has a property isEvalSupported:

const params: any = {cMapUrl: this._cMapsUrl, cMapPacked: true, enableXfa: true, isEvalSupported:false }
https://github.com/paperless-ngx/paperless-ngx/blob/ac666df4ceea92a12fa648e885094a3a1b65a730/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts#L438-L442

from ng2-pdf-viewer.

shamoon avatar shamoon commented on June 10, 2024

Thanks, docs are very sparse so I wasnt sure. Looks like it's in DocumentInitParameters https://mozilla.github.io/pdf.js/api/draft/module-pdfjsLib.html . Your suggestion would indeed default it to true but not force it to, I think just params.isEvalSupported = false will do it.

Thanks again.

from ng2-pdf-viewer.

maximedupre avatar maximedupre commented on June 10, 2024

@shamoon We still have to dismiss the vulnerability alert manually right?

from ng2-pdf-viewer.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.