Comments (13)
Yea, we ended up internalizing this package and upgrading pdfjs to 3.x but 4.x has so many breaking changes it'd be a lot of work to migrate. Hasn't been a meaningful update here for many months but you never know.
from ng2-pdf-viewer.
Yes, I believe so
from ng2-pdf-viewer.
This repo has been quiet for some time and pdfjs is pretty far behind now. Hoping the project does get revived but unclear. If moving to 4.x is not on the table, the workaround is to set the option isEvalSupported to false, that's our plan.
from ng2-pdf-viewer.
This repo has been quiet for some time and pdfjs is pretty far behind now. Hoping the project does get revived but unclear. If moving to 4.x is not on the table, the workaround is to set the option isEvalSupported to false, that's our plan.
That's a good workaround, although it will not resolve the Dependabot alert unless one chooses to dismiss the alert manually, which I suppose is a decent compromise, because I'm not sure this project will ever update 2 major versions to catch up with pdfjs 😅
from ng2-pdf-viewer.
I forked and pushed a commit, but there are build issues with pdfjs-dist. The pdfjs GitHub repo does not contain any code related to PromiseWithResolvers or WeakKey.
./node_modules/pdfjs-dist/build/pdf.mjs - Error: Module parse failed: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)
File was processed with these loaders:
* ./node_modules/@angular-devkit/build-angular/src/tools/babel/webpack-loader.js
* ./node_modules/source-map-loader/dist/cjs.js
You may need an additional loader to handle the result of these loaders.
Error: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)
./node_modules/pdfjs-dist/web/pdf_viewer.mjs - Error: Module parse failed: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)
File was processed with these loaders:
* ./node_modules/@angular-devkit/build-angular/src/tools/babel/webpack-loader.js
* ./node_modules/source-map-loader/dist/cjs.js
You may need an additional loader to handle the result of these loaders.
Error: The top-level-await experiment is not enabled (set experiments.topLevelAwait: true to enabled it)
Error: node_modules/pdfjs-dist/types/src/display/api.d.ts:686:23 - error TS2304: Cannot find name 'PromiseWithResolvers'.
686 _readyCapability: PromiseWithResolvers<any>;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/src/display/api.d.ts:738:18 - error TS2304: Cannot find name 'PromiseWithResolvers'.
738 _capability: PromiseWithResolvers<any>;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/src/display/api.d.ts:1381:23 - error TS2304: Cannot find name 'PromiseWithResolvers'.
1381 _readyCapability: PromiseWithResolvers<any>;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/src/display/text_layer.d.ts:101:18 - error TS2304: Cannot find name 'PromiseWithResolvers'.
101 _capability: PromiseWithResolvers<any>;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/web/pdf_find_controller.d.ts:105:27 - error TS2304: Cannot find name 'PromiseWithResolvers'.
105 _firstPageCapability: PromiseWithResolvers<any> | undefined;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/web/pdf_viewer.d.ts:296:27 - error TS2304: Cannot find name 'PromiseWithResolvers'.
296 _firstPageCapability: PromiseWithResolvers<any> | undefined;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/web/pdf_viewer.d.ts:297:33 - error TS2304: Cannot find name 'PromiseWithResolvers'.
297 _onePageRenderedCapability: PromiseWithResolvers<any> | undefined;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/web/pdf_viewer.d.ts:298:23 - error TS2304: Cannot find name 'PromiseWithResolvers'.
298 _pagesCapability: PromiseWithResolvers<any> | undefined;
~~~~~~~~~~~~~~~~~~~~
Error: node_modules/pdfjs-dist/types/web/text_layer_builder.d.ts:36:32 - error TS2304: Cannot find name 'WeakKey'.
36 textDivProperties: WeakMap<WeakKey, any>;
~~~~~~~
× Failed to compile.
Would you all know how to resolve the build issue?
from ng2-pdf-viewer.
Updating this project to pdfjs 4.x is going to require a lot more than just the changes in that commit to actually work, I think. Before 4 came out I opened a PR #1027 for 3.x but 4.x has lots of breaking changes. Unfortunately it seems this CVE patch is not going to be back-ported to 3.x (nor 2.x).
from ng2-pdf-viewer.
@shamoon saw your fix to mitigate the isEvalSupported in the paperless-ngx project. I'm not really sure, but I think setting the global property to false:
PDFJS['isEvalSupported'] = false
https://github.com/paperless-ngx/paperless-ngx/blob/ac666df4ceea92a12fa648e885094a3a1b65a730/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts#L38
does nothing, because there isn't a global property with this name. I think it once existed in a very, very old version of PDFJS.
Another way to disable the evaluation of the JS code would be via the getDocument function, which supports configuration via the DocumentInitParameters object, which in turn has a property isEvalSupported:
const params: any = {cMapUrl: this._cMapsUrl, cMapPacked: true, enableXfa: true, isEvalSupported:false }
https://github.com/paperless-ngx/paperless-ngx/blob/ac666df4ceea92a12fa648e885094a3a1b65a730/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts#L438-L442
from ng2-pdf-viewer.
Thanks, docs are very sparse so I wasn't sure. Looks like it's in DocumentInitParameters https://mozilla.github.io/pdf.js/api/draft/module-pdfjsLib.html . Your suggestion would indeed default it to true but not force it to, I think just params.isEvalSupported = false will do it.
Thanks again.
from ng2-pdf-viewer.
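The distinction drawn in the comment above, defaulting isEvalSupported versus forcing it, comes down to merge order when the parameters object for getDocument is built. The following is an added example, not code from ng2-pdf-viewer or paperless-ngx; the helper names and sample inputs are hypothetical, and the default keys are the ones in the params object quoted in the thread:

```javascript
// Added example. buildGetDocumentParams and buildParamsDefaultOnly are
// hypothetical helper names, not part of pdfjs-dist or ng2-pdf-viewer.

// Viewer defaults, copied from the params object quoted in the thread.
const VIEWER_DEFAULTS = { cMapPacked: true, enableXfa: true };

// Settings a caller-supplied source must never be able to change.
const FORCED = Object.freeze({ isEvalSupported: false });

// Normalise the kinds of source a viewer usually accepts (URL string,
// URL object, binary data, or an init-parameters object) into one
// parameters object. Range transports are outside this example.
function buildGetDocumentParams(src, cMapUrl) {
  let source;
  if (typeof src === 'string' || src instanceof URL) {
    source = { url: String(src) };
  } else if (ArrayBuffer.isView(src) || src instanceof ArrayBuffer) {
    source = { data: src };
  } else if (src !== null && typeof src === 'object') {
    source = src;
  } else {
    throw new TypeError('unsupported PDF source');
  }
  // Order matters: defaults first, caller's object next, forced keys last,
  // so a caller passing isEvalSupported: true cannot switch eval back on.
  return { ...VIEWER_DEFAULTS, cMapUrl, ...source, ...FORCED };
}

// For contrast: the same keys merged with the caller's object last.
// This only sets a default, and the caller's value wins.
function buildParamsDefaultOnly(src, cMapUrl) {
  return { ...VIEWER_DEFAULTS, cMapUrl, ...FORCED, ...src };
}

// Guard to run immediately before handing params to getDocument.
function assertEvalDisabled(params) {
  if (params.isEvalSupported !== false) {
    throw new Error('isEvalSupported must be false');
  }
  return params;
}
```
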
@shamoon We still have to dismiss the vulnerability alert manually, right?
from ng2-pdf-viewer.
@shamoon, can you help me on disabling isEvalSupported = false from ng2-pdf-viewer, as we are not using pdf-dist library directly, to solve this vulnerability issue?
from ng2-pdf-viewer.