[edit: I've changed my thoughts on this - please see post below]
Clearly it's very important to keep the trusted locations very locked down from scripts, but this suggestion is for a way for a script (possibly with a trusted function) to provide a dialog to the user to add a trusted File/Host Name pattern:
Currently the only automated way to add trusted locations is to add individual files through a similar alert.
[javascript FR] trusted locations related to privileged context
-
Mathew
- User
- Posts: 775
- Joined: Thu Jun 19, 2014 7:30 pm
[javascript FR] trusted locations related to privileged context
Last edited by Mathew on Mon Jan 05, 2026 9:22 pm, edited 3 times in total.
-
Daniel - PDF-XChange
- Site Admin
- Posts: 12538
- Joined: Wed Jan 03, 2018 6:52 pm
Re: [javascript FR] command for js to suggest a trusted location
Hello, Mathew
Thank you for the suggestion. I cannot make any promises here, but I have passed it along for review.
Kind regards,
Dan McIntyre - Support Technician
PDF-XChange Co. LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
-
Mathew
- User
- Posts: 775
- Joined: Thu Jun 19, 2014 7:30 pm
Re: [javascript FR] trusted locations related to privileged context
I've thought more about this and changed the subject of this FR because I think a better approach is for PDF-XChange to use the privilege context that applies for all the other JavaScript methods. As this relates to file opening and saving, I agree that an additional level of protection may be required (i.e. if a location is marked as Not Trusted, or is a sensitive location such as %SystemRoot%, %ProgramFiles%, etc., then either a security alert or the action is rejected outright).
For the discussion below, "privileged context" means: Batch event, Console event, or application initialization event, but primarily app.trustedFunction with raised execution privilege (app.beginPriv()).
app.openDoc does not have any privilege-related restrictions in the API, which I disagree with. I think it should be allowed to open documents without a security alert only if run from a privileged context.
Document import/export/save (doc.exportAsText, doc.exportAsFDF, doc.exportAsXFDF, doc.importDataObject, doc.importTextData, doc.saveAs) should be allowed without a security alert if run from a privileged context.
doc.importAnFDF, doc.importAnXFDF both could install scripts so both should have privilege-related restrictions also (the API doesn't have them). Again, though, they should be allowed without a security alert if run from a privileged context.
I think the concept of privileged context effectively means that scripts are either run directly by the user (i.e. pasted in the console, or pasted into the console and run) or are installed by the user (scripts that are loaded with the application). Having an additional security alert in these contexts dilutes the value of the alert (a user will become used to dismissing it, so won't pay as much attention), so should be reserved for cases where the user may be unaware that that action is possible.
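The decision rule proposed in the post above, modelled as an added example (not PDF-XChange code and not code from the thread). The `ctx` fields, the function names and the sample roots standing in for %SystemRoot% and %ProgramFiles% are assumptions, as is the choice to reject sensitive locations and alert on Not Trusted ones, since the post leaves either outcome open.

```javascript
// Model of the proposed policy; hypothetical names, not an application API.
// Constructed sample roots standing in for %SystemRoot% and %ProgramFiles%.
var SENSITIVE_ROOTS = ["C:\\Windows", "C:\\Program Files"];
// Event types the post counts as privileged ("App" = application initialization).
var PRIVILEGED_EVENTS = ["Batch", "Console", "App"];

// Normalize a Windows path: unify slashes, resolve "." and "..", lowercase.
function normalizePath(p) {
    var parts = String(p).replace(/\//g, "\\").split("\\");
    var out = [];
    for (var i = 0; i < parts.length; i++) {
        if (parts[i] === "" || parts[i] === ".") continue;
        if (parts[i] === "..") { if (out.length > 1) out.pop(); continue; }
        out.push(parts[i]);
    }
    return out.join("\\").toLowerCase();
}

// True when path equals root or lies beneath it (segment boundary, not a bare prefix).
function isUnder(path, root) {
    var p = normalizePath(path), r = normalizePath(root);
    return p === r || p.indexOf(r + "\\") === 0;
}

// Privileged: Batch/Console/App event, or a trusted function with privilege raised.
function isPrivileged(ctx) {
    return PRIVILEGED_EVENTS.indexOf(ctx.eventType) !== -1 ||
           (ctx.inTrustedFunction === true && ctx.privRaised === true);
}

// ctx: { eventType, inTrustedFunction, privRaised }; notTrusted: "Not Trusted" folders.
// Returns "allow" (no alert), "alert" (ask the user) or "reject".
function decide(ctx, targetPath, notTrusted) {
    var i, list = notTrusted || [];
    for (i = 0; i < SENSITIVE_ROOTS.length; i++) {
        // Assumption: sensitive locations are rejected even in a privileged context.
        if (isUnder(targetPath, SENSITIVE_ROOTS[i])) return "reject";
    }
    for (i = 0; i < list.length; i++) {
        // Assumption: Not Trusted locations always raise the alert.
        if (isUnder(targetPath, list[i])) return "alert";
    }
    return isPrivileged(ctx) ? "allow" : "alert";
}
```

Normalizing before the comparison is what keeps a path such as `C:/Users/m/../../Windows/x.fdf` from slipping past the sensitive-location check, and the segment-boundary test keeps `C:\WindowsBackup` from being treated as `C:\Windows`.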
-
Daniel - PDF-XChange
- Site Admin
- Posts: 12538
- Joined: Wed Jan 03, 2018 6:52 pm
Re: [javascript FR] trusted locations related to privileged context
Hello, Mathew
Thank you for the expanded thoughts. I have added these to the conversation with the Devs so we can get a better response from them.
Kind regards,
Dan McIntyre - Support Technician
PDF-XChange Co. LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com