Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Security Chief Defends JavaScript Support

Posted by timothy on from the oh-it's-gotta-have-javascript dept.

Trailrunner7 writes "Despite the fact that the majority of [PDF-related] malware exploits use JavaScript to trigger an attack in Adobe's PDF Reader product, the company says it's impossible to completely remove JavaScript support without causing major compatibility problems. In a Q&A on Threatpost, Adobe security chief Brad Arkin says the removal of JavaScript support is a non-starter because it's an integral part of how users do form submissions. '"Anytime you're working with a PDF where you're entering information, JavaScript is used to do things like verify that the date you entered is the right format. If you're entering a phone number for a certain country it'll verify that you've got the right number of digits. When you click 'submit' on the form it'll go to the right place. All of this stuff has JavaScript behind the scenes making it work and it's difficult to remove without causing problems," Arkin explained.'"

8 of 216 comments (clear)

  1. Re:Easy but far too simple solution by kestasjk · · Score: 2, Funny

    I'm also surprised the Adobe Security Chief didn't consider the option of ditching PDF for HTML in this interview

    --
    // MD_Update(&m,buf,j);
  2. i discovered a new concept today by circletimessquare · · Score: 2, Funny

    the bloatware partisan

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  3. Re:Easy but far too simple solution by Anonymous Coward · · Score: 1, Funny

    People switching to Linux and OS X has also had no impact on security either, I suppose?

    Pretty much. Those malware-ridden deb packages for Ubuntu pretty much showed the falsity of such a claim.

  4. Re:Easy but far too simple solution by clone53421 · · Score: 3, Funny

    Dreamweaver?

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  5. Re:Easy but far too simple solution by ristonj · · Score: 2, Funny

    Shhhh....you'll give them ideas!

  6. Re:You're and idiot and don't know what you are... by Anonymous Coward · · Score: 2, Funny

    Oh, geeze. Here come the JavaScript faggots, err, fanatics.

    I understand JavaScript perfectly. I worked with JavaScript before your father deposited his filthy sperm in your mother's smelly twat.

    I've had the misfortune of writing hundreds of thousands of lines of JavaScript code, since it's the "trendy" thing to do (according to all the crap that my manager reads). I know JavaScript inside and out.

    Lisp and Scheme (note that their names are not fully capitalized, unless you're a fucking retard) put JavaScript to shame.

    And congratulations for throwing out terms you heard in the Introduction to Computer Science course that you flunked out of. When I was in graduate school, I wrote several papers on Hindley-Milner type inference and nondeterministic evaluation strategies (based on the work of Church-Rosser) of lambda expressions. Unlike you, I actually do know what I'm talking about.

    So, in closing, fuck off you pathetic little turdworm. Go back to Digg, where you can wait 45 s for each page load, due to the mountains of shitty JavaScript they throw at your browser.

  7. Re:Simple answer by OzPeter · · Score: 2, Funny

    And Joe Sixpack will say to him/herself

    "the only way I can see my embedded VMware virtual machine with full video documentation [1] is to click on the whitelist button for the producer. and I really want to see this .. so here goes".

    [1] Shamelessly stolen from a previous comment VMware embedded documents

    --
    I am Slashdot. Are you Slashdot as well?
  8. Re:Easy but far too simple solution by mad.frog · · Score: 3, Funny

    ...and that's how Emacs stayed its original, trim self.