feat: feature to disable pdf javascript (#176)

secureblue · Jan 16, 2025 · 7266c26 · 7266c26
1 parent ab8df93
commit 7266c26
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 3 deletions.
diff --git a/patches/add-feature-to-disable-pdf-javascript.patch b/patches/add-feature-to-disable-pdf-javascript.patch
@@ -0,0 +1,42 @@
+diff --git a/pdf/pdf_features.cc b/pdf/pdf_features.cc
+index e4dbc7d5b0834..973bc515cea96 100644
+--- a/pdf/pdf_features.cc
++++ b/pdf/pdf_features.cc
+@@ -13,6 +13,10 @@ namespace {
+ bool g_is_oopif_pdf_policy_enabled = true;
+ }  // namespace
+
++// Trivalent
++BASE_FEATURE(kPdfJavaScript, "PdfJavaScript",
++             base::FEATURE_ENABLED_BY_DEFAULT);
++
+ BASE_FEATURE(kAccessiblePDFForm,
+              "AccessiblePDFForm",
+              base::FEATURE_DISABLED_BY_DEFAULT);
+diff --git a/pdf/pdf_features.h b/pdf/pdf_features.h
+index 23c38c6138328..cc2489e911a6c 100644
+--- a/pdf/pdf_features.h
++++ b/pdf/pdf_features.h
+@@ -15,6 +15,9 @@ static_assert(BUILDFLAG(ENABLE_PDF), "ENABLE_PDF not set to true");
+
+ namespace chrome_pdf::features {
+
++// Trivalent
++BASE_DECLARE_FEATURE(kPdfJavaScript);
++
+ BASE_DECLARE_FEATURE(kAccessiblePDFForm);
+ BASE_DECLARE_FEATURE(kPdfCr23);
+ BASE_DECLARE_FEATURE(kPdfIncrementalLoading);
+diff --git a/pdf/pdfium/pdfium_form_filler.cc b/pdf/pdfium/pdfium_form_filler.cc
+index f319c45d075e2..d1b311d76d1d3 100644
+--- a/pdf/pdfium/pdfium_form_filler.cc
++++ b/pdf/pdfium/pdfium_form_filler.cc
+@@ -41,6 +41,8 @@ std::string WideStringToString(FPDF_WIDESTRING wide_string) {
+
+ // static
+ PDFiumFormFiller::ScriptOption PDFiumFormFiller::DefaultScriptOption() {
++  if (!base::FeatureList::IsEnabled(features::kPdfJavaScript))
++    return PDFiumFormFiller::ScriptOption::kNoJavaScript;
+ #if defined(PDF_ENABLE_XFA)
+   if (base::FeatureList::IsEnabled(features::kPdfXfaSupport))
+     return PDFiumFormFiller::ScriptOption::kJavaScriptAndXFA;
diff --git a/patches/expose-flags.patch b/patches/expose-flags.patch
@@ -1,20 +1,24 @@
 diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
-index ad599311ac46d..6c89de2fca405 100644
+index 7613006656aaa..ee707f847ccba 100644
 --- a/chrome/browser/about_flags.cc
 +++ b/chrome/browser/about_flags.cc
-@@ -4220,6 +4220,41 @@ const FeatureEntry kFeatureEntries[] = {
+@@ -4343,6 +4343,45 @@ const FeatureEntry kFeatureEntries[] = {
  // //tools/flags/generate_unexpire_flags.py.
  #include "build/chromeos_buildflags.h"
  #include "chrome/browser/unexpire_flags_gen.inc"
 +    {"middle-click-autoscroll", "Autoscroll with Middleclick",
 +     "Enables scrolling with middleclick. Displays a security warning. "
 +     "This feature is exposed by Trivalent.", kOsLinux,
-+     SINGLE_VALUE_TYPE_AND_VALUE(switches::kEnableBlinkFeatures, 
++     SINGLE_VALUE_TYPE_AND_VALUE(switches::kEnableBlinkFeatures,
 +                                 "MiddleClickAutoscroll")},
 +    {"show-punycode-domains", "Show punycode for IDN domains",
 +     "Shows punycode for IDN domains to mitigate IDN homograph attacks. "
 +     "Disabled by default. This feature is provided by Trivalent.",
 +     kOsAll, FEATURE_VALUE_TYPE(url::kShowPunycodeDomains)},
++    {"pdf-javascript", "Enable PDF JavaScript",
++     "Toggle JavaScript for rendered PDFs (this also disables XFA). "
++     "Enabled by default. This feature is provided by Trivalent.",
++     kOsAll, FEATURE_VALUE_TYPE(chrome_pdf::features::kPdfJavaScript)},
 +    {"clear-cross-origin-referrers", "Clear cross-origin referrers",
 +     "Clears referrers when navigating across origins. Disabled by default. "
 +     "This feature is provided by Trivalent.", kOsAll,