From 628e672765806c68c3812d3621ccbd2748dba7b6 Mon Sep 17 00:00:00 2001
From: Rob Wu <rob@robwu.nl>
Date: Sun, 12 Sep 2021 01:04:11 +0200
Subject: [PATCH] [CRX] enableScripting=false by default in Chrome extension

The scripting engine is bundled for users who'd like to use the feature,
but it is disabled by default.
---
 extensions/chromium/preferences_schema.json | 10 ++++++----
 web/app_options.js                          |  2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/extensions/chromium/preferences_schema.json b/extensions/chromium/preferences_schema.json
index 9b30f007f..827638ca1 100644
--- a/extensions/chromium/preferences_schema.json
+++ b/extensions/chromium/preferences_schema.json
@@ -69,6 +69,12 @@
       "type": "boolean",
       "default": false
     },
+    "enableScripting": {
+      "title": "Enable active content (JavaScript) in PDFs",
+      "type": "boolean",
+      "description": "Whether to allow execution of active content (JavaScript) by PDF files.",
+      "default": false
+    },
     "disableRange": {
       "title": "Disable range requests",
       "description": "Whether to disable range requests (not recommended).",
@@ -154,10 +160,6 @@
       ],
       "default": 2
     },
-    "enableScripting": {
-      "type": "boolean",
-      "default": true
-    },
     "enablePermissions": {
       "type": "boolean",
       "default": false
diff --git a/web/app_options.js b/web/app_options.js
index 094758872..53d23e866 100644
--- a/web/app_options.js
+++ b/web/app_options.js
@@ -101,7 +101,7 @@ const defaultOptions = {
   },
   enableScripting: {
     /** @type {boolean} */
-    value: true,
+    value: typeof PDFJSDev === "undefined" || !PDFJSDev.test("CHROME"),
     kind: OptionKind.VIEWER + OptionKind.PREFERENCE,
   },
   externalLinkRel: {