Commit Graph

271 Commits

Author SHA1 Message Date
Jonas Jenwald
6d8a404a9c [api-minor] Add support for a couple of white-listed JavaScript actions that contains valid URLs (issue 3897, bug 843699)
By only allowing very specific type of `JavaScript` actions, and also utilizing the existing `URL` validation, this patch shouldn't pose too much risk.

Fixes one of the points in issue 3897 (with the PDF file taken from issue 3438).
Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=843699 (probably, since that bug doesn't contain a test-case).
2016-11-08 16:48:27 +01:00
Jonas Jenwald
b4100ba651 Merge pull request #7698 from Snuffleupagus/bug-1308536
Ignore reserved commands when parsing operands in `CFFParser_parseDict`, instead of just rejecting the entire font (bug 1308536)
2016-11-03 23:53:14 +01:00
Jonas Jenwald
2d8d8b5e53 Use stringToPDFString to sanitizing bad "Prefix" entries in Page Label dictionaries
It seems that certain bad PDF generators can create badly encoded "Prefix" entries for Page Labels, one example being http://ukjewishfilm.org/wp-content/uploads/2015/09/Jewish-Film-Festival-Programme-ONLINE.pdf.

Unfortunately I didn't come across such a PDF file while adding the API support for Page Labels, but with them now being used in the viewer I just found this issue. With this patch, we now display the Page Labels in the same way as Adobe Reader.
2016-11-03 19:48:08 +01:00
Jonas Jenwald
9dc6463933 Ignore reserved commands when parsing operands in CFFParser_parseDict, instead of just rejecting the entire font (bug 1308536)
According to the CFF specification, see http://partners.adobe.com/public/developer/en/font/5176.CFF.pdf#page=11, certain commands are currently reserved.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1308536.
2016-11-03 12:50:40 +01:00
Tim van der Meij
9f8d67475e Merge pull request #7775 from timvandermeij/widget-annotation-name
Widget annotation: implement field name according to the specification
2016-11-02 22:43:17 +01:00
Tim van der Meij
1d96854019 Widget annotation: implement field name according to the specification
The original code is difficult to read and, more importantly, performs
actions that are not described in the specification. It replaces empty
names with a backtick and an index, but this behavior is not described
in the specification. While the specification is not entirely clear
about what should happen in this case, it does specify that the `T`
field is optional and that multiple field dictionaries may have the same
fully qualified name, so to achieve this it makes the most sense to
ignore missing `T` fields during construction of the field name. This is
the most specification-compliant solution and, judging by opened issue #6623, also the required and expected behavior.
2016-11-02 21:44:44 +01:00
Tim van der Meij
6e22b32372 Merge pull request #7745 from Snuffleupagus/Launch-actions
[api-minor] Add basic support for `Launch` actions (issue 1778, issue 3897, issue 6616)
2016-11-01 21:12:08 +01:00
Tim van der Meij
5194e68134 Lint: correct code style violations
Manual observations and working with other linting tools found these.
2016-11-01 15:04:21 +01:00
Jonas Jenwald
2b79782377 [api-minor] Add basic support for Launch actions (issue 1778, issue 3897, issue 6616)
In general we neither want, nor can, support arbitrary `Launch` actions. But in practice, all the cases we've seen so far just contains relative URLs to other PDF files. Building on PR 7689, we can thus at least support basic `Launch` actions.
2016-10-21 13:40:32 +02:00
Jonas Jenwald
d284cfd5eb [api-minor] Add support for relative URLs, in both annotations and the outline, by adding a docBaseUrl parameter to PDFJS.getDocument (bug 766086)
Note that in `FIREFOX/MOZCENTRAL/CHROME` builds of the standard viewer the `docBaseUrl` parameter will be set by default, since in that case it makes sense to use the current URL as a base.
For the `GENERIC` viewer, or the API itself, it doesn't make sense to try and set the `docBaseUrl` by default. However, custom deployments/implementations may still find the parameter useful.
2016-10-19 22:20:24 +02:00
Jonas Jenwald
42f07c6262 [api-minor] Use the new URL constructor when validating URLs in annotations and the outline, as a complement to only checking the protocol, and add a bit more validation to Catalog_parseDestDictionary
Note that this will automatically reject any relative URL.
To make the API more useful to consumers, URLs that are rejected will be available via the `unsafeUrl` property in the data object returned by `PDFPageProxy_getAnnotations`.

The patch also adds a bit more validation of the data for `Named` actions.
2016-10-19 22:11:17 +02:00
Jonas Jenwald
e64bc1fd13 Move parsing of destination dictionaries to a helper function
This not only reduces code duplication, but it also allow us to easily support the same kind of URLs we currently do for Link annotations in the Outline as well.
2016-10-18 16:14:07 +02:00
Tim van der Meij
9b3a91f365 Merge pull request #7671 from timvandermeij/interactive-forms-choice-fields
Interactive forms: render choice widget annotations
2016-10-05 23:27:45 +02:00
Tim van der Meij
f85f3243b1 Choice widget annotations: unit and reference testing 2016-10-05 21:25:29 +02:00
Jonas Jenwald
93830032ac Add a unit-test for annotations where the URI action has an incorrect encoding (bug 1122280, PR 5999) 2016-09-30 11:44:24 +02:00
Tim van der Meij
375229d6b9 Widget annotations: simplify field flag handling
Directly use the hexadecimal representation, just like the
`AnnotationFlags`, to avoid calculations and to improve readability.
This allows us to simplify the unit tests for text widget annotations as
well.
2016-09-21 21:11:37 +02:00
Tim van der Meij
6100ab4b18 Text widget annotations: implement comb support 2016-09-20 22:31:10 +02:00
Tim van der Meij
adf0972ca5 Text widget annotations: improve unit and reference tests
This patch improves the unit tests by testing the support for read-only
and multiline fields. Moreover, we add a reference test to ensure that
the text widgets are not only rendered, but also that their contents are
styled properly.

Finally, we perform minor improvements in `src/core/annotation.js`, for
example adding missing comments.
2016-09-17 15:24:48 +02:00
Tim van der Meij
323e86c442 Text widget annotations: implement unit testing and sanitize data values 2016-09-13 14:57:11 +02:00
Jonas Jenwald
37998076c9 In display/api.js ensure that we always reject with an Error in JpegDecode, and adjust a couple of other rejection sites as well
In the case where the document was destroyed, we were rejecting the `Promise` in `JpegDecode` with a string instead of an `Error`. The patch also brings the wording more inline with other such rejections.

Use the `isInt` utility function when validating the `pageNumber` parameter in `WorkerTransport_getPage`, to make it more obvious what's actually happening. There's also a couple more unit-tests added, to ensure that we always fail in the expected way.

Finally, we can simplify the rejection handling in `WorkerTransport_getPageIndexByRef` somewhat. (Note that the only reason for using `catch` here is that since the promise is rejected on the worker side, the `reason` becomes a string instead of an `Error` which is why we "re-reject" on the display side.)
2016-09-05 16:35:32 +02:00
Tim van der Meij
f520616e00 Merge pull request #7570 from Snuffleupagus/issue-7569
Create a fallback annotation `id` for entries in `Annots` dictionaries that are not indirect objects (issue 7569)
2016-08-28 00:23:59 +02:00
Tim van der Meij
b81d661556 Remove unused globals from fonts unit test file 2016-08-27 23:20:03 +02:00
Jonas Jenwald
088ce6c009 Add a unit-test to check that ProblematicCharRanges contains valid entries
When adding new entries to `ProblematicCharRanges`, you have to be careful to not make any mistakes since that could cause glyph mapping issues.
Currently the existing reference tests should probably help catch any errors, but based on experience I think that having a unit-test which specifically checks `ProblematicCharRanges` would be both helpful and timesaving when modifying/reviewing changes to this code.

Hence this patch which adds a function (and unit-test) that is used to validate the entries in `ProblematicCharRanges`, and also checks that we don't accidentally add more character ranges than the Private Use Area can actually contain.
The way that the validation code, and thus the unit-test, is implemented also means that we have an easy way to tell how much of the Private Use Area is potentially utilized by re-mapped characters.
2016-08-27 11:56:00 +02:00
Jonas Jenwald
78889646c8 Create a fallback annotation id for entries in Annots dictionaries that are not indirect objects (issue 7569)
According to the PDF specification, see http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/PDF32000_2008.pdf#page=86, entries in `Annots` dictionaries should be indirect objects, but obviously there're PDF generators that ignore this.

Fixes 7569.
2016-08-27 10:56:16 +02:00
Jonas Jenwald
db1526c59e Add unit-tests for asynchronous methods in primitives.js
In PR 7520, I missed the fact that we currently have no unit-tests for `Dict_getAsync`.
2016-08-21 18:44:58 +02:00
Jonas Jenwald
af636aae96 Add a parameter to the isName function that enables checking not just that something is a Name, but also that the actual name properties matches
This is similar to the existing `isCmd` and `isDict` functions, which already support similar kind of checks.
With the updated `isName` function, we'll be able to simplify many callsites from: `isName(someVariable) && someVariable.name === 'someName'` to: `isName(someVariable, 'someName')`.
2016-08-10 11:15:03 +02:00
Jonas Jenwald
d70e07fb90 Add more unit-tests for primitives.js 2016-08-03 17:04:12 +02:00
Yury Delendik
a02e2686b9 Merge pull request #7475 from Snuffleupagus/api-getTextContent-combineTextItems
[api-minor] Add a parameter to `PDFPageProxy_getTextContent` that controls whether `PartialEvaluator_getTextContent` will attempt to combine same line text items
2016-07-27 08:34:24 -05:00
Jonas Jenwald
558a22cd02 Prevent errors when parsing Annotations with missing (or invalid) /Subtype entries (issue 7446)
Note that I used a separate warning message for this case, instead of utilizing the same one as in the unsupported subtype case, to more clearly indicate that the PDF file itself is to blame rather than PDF.js.

Fixes 7446.
2016-07-25 13:59:26 +02:00
Jonas Jenwald
f297e4d17c [api-minor] Add a parameter to PDFPageProxy_getTextContent that controls whether PartialEvaluator_getTextContent will attempt to combine same line text items
From the discussion in issue 7445, it seems that there may be cases where an API consumer would want to get the text content as is, without combined text items.
2016-07-19 13:38:57 +02:00
Jonas Jenwald
72c1df726e Add a getAttachments unit-test for a PDF file that actually contains attachments 2016-07-02 13:13:30 +02:00
Tim van der Meij
f97d52182a Merge pull request #7341 from Snuffleupagus/getDestinationHash-Array
[api-minor] Improve handling of links that are using explicit destination arrays
2016-06-09 00:29:10 +02:00
Jonas Jenwald
6260fc09a3 Attempt to recover valid format 3 FDSelect data from broken CFF fonts (bug 1146106)
According to the CFF specification, see http://partners.adobe.com/public/developer/en/font/5176.CFF.pdf#G3.46884, for `format 3` FDSelect data: "The first range must have a ‘first’ GID of 0".
Since the PDF file (attached in the bug) violates that part of the specification, this patch tries to recover valid FDSelect data to prevent OTS from rejecting the font.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1146106.
2016-06-06 18:20:52 +02:00
Jonas Jenwald
98fe094d18 Let non-viewable Popup Annotations inherit the parent's Annotation Flags if the parent is viewable
Fixes http://www.pdf-archive.com/2013/09/30/file2/file2.pdf.

Note how it's not possible to show the various Popup Annotations in the above document.
To fix that, this patch lets the Popup inherit the flags of the parent, in the special case where the parent is `viewable` *and* the Popup is not.
In general, I don't think that a Popup must have the same flags set as the parent. However, it seems very strange to have a `viewable` parent annotation, and then not being able to view the Popup.

Annoyingly the PDF specification doesn't, as far as I can find, mention anything about how this case should be handled, but this patch seem consistent with the actual behaviour in Adobe Reader.
2016-05-25 23:00:26 +02:00
Brendan Dahl
b86610ffdb Merge pull request #7300 from Snuffleupagus/bug-1068432
Prevent adding invalid values in `CFFDict_setByKey` (bug 1068432)
2016-05-24 12:12:38 -07:00
Jonas Jenwald
b354682dd6 [api-minor] Let LinkAnnotation/PDFLinkService_getDestinationHash return a stringified version of the destination array for explicit destinations
Currently for explicit destinations, compared to named destinations, we manually try to build a hash that often times is a quite poor representation of the *actual* destination. (Currently this only, kind of, works for `\XYZ` destinations.)
For PDF files using explicit destinations, this can make it difficult/impossible to obtain a link to a specific section of the document through the URL.

Note that in practice most PDF files, especially newer ones, use named destinations and these are thus unnaffected by this patch.
This patch also fixes an existing issue in `PDFLinkService_getDestinationHash`, where a named destination consisting of only a number would not be handled correctly.

With the added, and already existing, type checks in place for destinations, I really don't think that this patch exposes any "sensitive" internal destination code not already accessible through normal hash parameters.

*Please note:* Just trying to improve the algorithm that generates the hash is unfortunately not possible in general, since there are a number of cases where it will simply never work well.

 - First of all, note that `getDestinationHash` currently relies on the `_pagesRefCache`, hence it's possible that the hash returned is empty during e.g. ranged/streamed loading of a PDF file.

 - Second of all, the currently computed hash is actually dependent on the document rotation. With named destinations, the fetched internal destination array is rotational invariant (as it should be), but this will not hold in general for the hash. We can easily avoid this issue by using a stringified destination array.

 - Third of all, note that according to the PDF specification[1], `GoToR` destinations may actually contain explicit destination arrays. Since we cannot really construct a hash in `annotation.js`, we currently have no good way to support those. Even though this case seems *very* rare in practice (I've not actually seen such a PDF file), it's in the specification, and this patch allows us to support that for "free".

---
[1] http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/PDF32000_2008.pdf#G11.1951685
2016-05-21 14:14:07 +02:00
Jonas Jenwald
01ab15a6f1 [api-minor] Let Catalog_getPageIndex check that the Ref actually points to a /Page dictionary
Currently the `getPageIndex` method will happily return `0`, even if the `Ref` parameter doesn't actually point to a proper /Page dictionary.
Having the API trust that the consumer is doing the right thing seems error-prone, hence this patch which adds a check for this case.

Given that the `Catalog_getPageIndex` method isn't used in any hot part of the codebase, this extra check shouldn't be a problem.
(Note: in the standard viewer, it is only ever used from `PDFLinkService_navigateTo` if a destination needs to be resolved during document loading, which isn't common enough to be an issue IMHO.)
2016-05-21 14:13:41 +02:00
Tim van der Meij
db46829ef7 Merge pull request #7316 from timvandermeij/remove-unused
Remove unused variables
2016-05-21 14:07:33 +02:00
Jonas Jenwald
c5c5a2a71f Add basic unit-tests for unicode.js
Re: issue 7261.
2016-05-19 19:45:45 +02:00
Tim van der Meij
6a7012aaca Remove unused variables
These have been found using `gulp lint` in combination with the `unused:
true` parameter for JSHint. Unfortunately there are too many false
positives to enable this feature, but now that most globals have been
removed because of the conversion to UMD the results are much more
useful than before.
2016-05-11 16:11:13 +02:00
Jonas Jenwald
c9b6de3b16 Prevent adding invalid values in CFFDict_setByKey (bug 1068432)
In the font in question, there are a couple of `topDict` entries that have invalid values (`0xF 0xF`, i.e. just eof markers without any actual numbers).
This causes the `parseFloatOperand` function, inside `CFFParser_parseDict`, to return `NaN`. Currently we pass this broken font onto the browser, which OTS unsurprisingly rejects.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1068432.
2016-05-07 21:09:58 +02:00
Jonas Jenwald
29c4a604af Split the font_spec.js unit-tests into cff_parser_spec.js and type1_parser_spec.js
Re: issue 7261.

Given the we have `gulp fonttest`, which tests the `fonts.js` functionality at a higher level, and that we have *a lot* of font specific reference tests, I'm not convinced that we *also* need unit-tests for it.
2016-05-03 09:37:36 +02:00
Yury Delendik
7fd3db9977 Adds EventBus. 2016-04-28 06:57:24 -05:00
Jonas Jenwald
b4a17323b6 Move isDict unit-tests from util_spec.js to primitives_spec.js
This patch moves the unit-test to the correct file, since the `isDict` function was moved PR 6683.
2016-04-16 20:32:46 +02:00
Jonas Jenwald
4523ae0b91 Add a couple of CipherTransformFactory unit-tests to check that blank passwords are correctly rejected 2016-04-16 20:24:55 +02:00
Jonas Jenwald
171f908b89 Add a couple of LinkAnnotation unit-tests
We currently don't have *any* unit-tests for `LinkAnnotation`s, so it seemed a good idea to add a few. These tests are taken from various actual PDF files.
2016-04-15 22:59:08 +02:00
Prakash Palanisamy
a25c29d98d Remove combineUrl and replace it with new URL. 2016-04-15 21:33:10 +05:30
Yury Delendik
6282ec24d1 Merge pull request #7172 from yurydelendik/umd-web
Introduces UMD headers to the web/ folder.
2016-04-13 10:23:23 -05:00
Yury Delendik
006e8fb59d Introduces UMD headers to the web/ folder. 2016-04-13 10:09:48 -05:00
Yury Delendik
879340d741 Removes hijack describe() hack from unit tests. 2016-04-11 07:37:35 -05:00