Comments (10)
Should be fixed via #1092 I suppose?
from ng2-pdf-viewer.
Cve is resolved, but updating would give some other benefits anyway
from ng2-pdf-viewer.
Yea, worth noting though that pdfjs 4.x has major breaking changes. When I looked at it, it seemed like it would require major rewrites to this package. Not that it's impossible, of course, but certainly not a quick thing. At the very least though this issue is probably a duplicate of #1078
from ng2-pdf-viewer.
Yea, worth noting though that pdfjs 4.x has major breaking changes. When I looked at it, it seemed like it would require major rewrites to this package. Not that it's impossible, of course, but certainly not a quick thing. At the very least though this issue is probably a duplicate of #1078
Yeah,
Upgrading 2->3 was also already a new major version, but I guess there weren't that much (breaking) changes anyway? But now with 3->4 a lot more would be required?
from ng2-pdf-viewer.
Yes, 2 -> 3 was a major version in terms of semver, but wasnt too bad. 3 --> 4 is much bigger, imho of course, see https://github.com/mozilla/pdf.js/releases/tag/v4.0.189
I havent looked at it again, again its of course not impossible but unfortunately I think significantly more
from ng2-pdf-viewer.
I would also prefer to have it upgraded. Npm still mentioned in version 10.2.2
the high severity vulnerability in pdf.js.
But they mentioned an workaround to set the option isEvalSupported
to false
.
How would that be applied in ng2-pdf-viewer?
from ng2-pdf-viewer.
I would also prefer to have it upgraded. Npm still mentioned in version
10.2.2
the high severity vulnerability in pdf.js.But they mentioned an workaround to set the option
isEvalSupported
tofalse
. How would that be applied in ng2-pdf-viewer?
In my understanding, it is done in this library to disable this option. This was patched here: #1092
The best and safest would be of course to upgrade the pdfjs-dist to the latest version, but I'm not sure if it's happening anytime soon.
from ng2-pdf-viewer.
It was fixed in this for me, thanks alot! #1092
from ng2-pdf-viewer.
Updating to version 4 and above would fix this #624 and possibly also this #824 (Note that 824 is not complete, but a stale bot forced it to be completed anyway...)
- [api-major] Remove the SVG back-end (PR 15173 follow-up) by @Snuffleupagus in https://github.com/mozilla/pdf.js/pull/16699[api-major] Output JavaScript modules in the builds (issue 10317) by @Snuffleupagus in mozilla/pdf.js#17055
- [api-major] Remove various deprecated functionality and options by @Snuffleupagus in mozilla/pdf.js#16774
- [api-major] Output JavaScript modules in the builds (issue 10317) by @Snuffleupagus in mozilla/pdf.js#17055
- [api-minor] Stop polyfilling structuredClone in legacy builds by @Snuffleupagus in mozilla/pdf.js#17086
- [api-minor] Move to Fluent for the localization (bug 1858715) by @calixteman in mozilla/pdf.js#17115
These are possibly breaking changes according to release notes from https://github.com/mozilla/pdf.js/releases/tag/v4.0.189.
I have highlighted (points 3 & 5) that may pose a challenge:
- Output JavaScript modules in the builds - This will require looking at where new ones are and how to load them properly.
- I have no clue how, if at all, translations are handled in this package...
from ng2-pdf-viewer.
Related Issues (20)
- Large file not shows starting pages quickly, is there any way to control chunk requests' sequence for linearization?
- How to get total page count of PDF? HOT 1
- CSP unsafe-inline directive blocks pdf viewer
- Not rendering PDF in angular 17, ng2-pdf-viewer : v10.0.0 HOT 1
- Perticular renge load like pages 5-12 only
- Can't show pdf error ERR_CERT_DATE_INVALID HOT 3
- Thumbnail View I have shown up but scroll issue happned
- Range requests / partial responses do not work in chrome
- Anchor-link in PDF file.
- PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF HOT 10
- ng-pdf-viewer showing black screen HOT 2
- How I can acess RenderParameters from pdf.js
- TS2304: Cannot find name 'WeakKey'. HOT 7
- scrollPageIntoView: "1" is not a valid pageNumber parameter.
- Whats the recommended version to use with angular 15 ?
- (page-rendered)="pdfPageRendered2($event)" event is not working as expected with angular 16.2.12 & ng2-pdf-viewer v^9.1.5
- Cannot find name 'WeakKey'. version 10.2.2 HOT 7
- (Snyk Security Code Tool) Arbitrary Code Injection affecting package pdfjs-dist HOT 5
- No loader is configured for ".node" files: node_modules/canvas/build/Release/canvas.node HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ng2-pdf-viewer.