By default, as a company, we disable JavaScript due to its potential malicious misuse.
Bluebeam offers an entry in the RevuPreferences.xml to disable it on first run, however the user is able to re-enable it. When a user runs a PDF containing JavaScript, they receive a popup window that states: “This document contains JavaScript, which is currently disabled in the preferences. Be advised that this document may not function as intended.” and requires the user to click [OK]. When v21.5 had bug that caused this popup to occur whether it had JavaScript or not, some savvy users were re-enabling JavaScript with no inclination of the risks.
In contrast, Adobe Acrobat allows the permanent disabling of JavaScript through a registry entry. Instead of a popup that requires the user to click okay, it is a banner at the top of the document window. Adobe's message is more informative by stating, "JavaScript is currently disabled and this document uses it for some features. Enabling JavaScript can lead to potential security issues.", which clearly informs the user that there may be risks involved.
My features request is for the following be added to Revu v21, so that there is no risk of a user opening a malicious document that contains JavaScript, as well as mitigating the requirement to click [OK] before a document can be viewed.
- Allow for a more permanent option of disabling JavaScript, where the user will not be able to enable it on their own.
- Add a warning, similar to Adobe, alerting the user that: Enabling JavaScript can lead to potential security issues.
- Change the notification from being a popup window that requires the user to click on an [OK] button each time a document with JavaScript is opened, to a message banner at the top of the document, similar to what Adobe does.
Thank you.