Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Security Chief Defends JavaScript Support

Posted by timothy on from the oh-it's-gotta-have-javascript dept.

Trailrunner7 writes "Despite the fact that the majority of [PDF-related] malware exploits use JavaScript to trigger an attack in Adobe's PDF Reader product, the company says it's impossible to completely remove JavaScript support without causing major compatibility problems. In a Q&A on Threatpost, Adobe security chief Brad Arkin says the removal of JavaScript support is a non-starter because it's an integral part of how users do form submissions. '"Anytime you're working with a PDF where you're entering information, JavaScript is used to do things like verify that the date you entered is the right format. If you're entering a phone number for a certain country it'll verify that you've got the right number of digits. When you click 'submit' on the form it'll go to the right place. All of this stuff has JavaScript behind the scenes making it work and it's difficult to remove without causing problems," Arkin explained.'"

2 of 216 comments (clear)

  1. CS4 Scripting too by 0100010001010011 · · Score: 5, Informative

    I didn't know this until recently, but you script most of Adobe's CS products (Photoshop, etc) with JavaScript.

    It's cross platform. The same scripts work on my Mac as they do on a Windows machine.

    I already know it, syntax isn't something foreign and there is a ton websites out there for JavaScript support.

    It makes stuff like making panoramas and HDR panoramas awesome.

  2. Re:Easy but far too simple solution by toleraen · · Score: 4, Informative

    L O L

    All NIST tracked vulnerabilities for Foxit in the last two years have been of the "open a bad PDF and get infected" variety. How is Foxit any better, other than executing infected PDFs faster?