Comments (3)
Yes sure you are right.
But the algorithm is simply wrong. This is not what should be done in order to detect JavaScript in PDFs...
I guess then there is a false positive due to this
pimcore/models/Asset/Document.php
Line 180 in c1d4c2a
Yes, I believe there wasn't any better solution for that at the time; in the beginning it was even intended to be "sanitizing" instead of just scanning #14998 (comment)
Maybe there are some better tools/ideas now.
It would probably make more sense to have it as a soft warning (like old-school Outlook) when the /JS is detected and not completely block it; in addition, it should have a "Looks safe" button to proceed with the preview as usual, as the uploaded files should be from a trusted source or sanitized at origin.