Support For JavaScript In PDFs
Firefox 88 Released With FTP Support Disabled, Support For JavaScript In PDFs
Collapse
X
-
Originally posted by kpedersen View Post- I still use FTP a fair amount to get .iso images. HTTPS encryption seems very wastful for this.
- I never want to run any Javascript in a PDF file.
.... good to see the web and its priorities are on track!
bunch of clowns.- Using TLS means the server authority is verified and password authentication easy and secure
- Encryption overheads are negligible on modern hardware
- Why run another ancient server when your standard https server can already handle it?
- You can effectively write an entire UI thanks to HTML5, much easier to use than the basic FTP support we've had for decades
- FTP is a horrible hack from before NAT was a thing, its grossly outdated
I do agree that Javascript in PDF seems a bad idea though.Last edited by Alex Atkin UK; 19 April 2021, 08:35 PM.
Comment
-
Originally posted by CochainComplex View Postand yes missing ftp is a real bummer....is sftp not secure enough? or is it because on ftp repos you cant push advertisment and thats why google doesnt like it. Therefore in chrome it is removed. On top of it there comes the apple effect ...oh the cool guys removed the audiojack ...lets do this too (firefox no ftp - cool) ! Or what is the problem with FTP?
FileZilla's UI has a good taxonomy about it
First we have SFTP, which is fundamentally SSH plus something, and I don't think Firefox supports SSH natively.
Second we have a bunch of FTP variants, including
1. Plan FTP
2. Explicit TLS: Start with plain FTP, but enter TLS mode with "AUTH TLS"
3. Implicit TLS: Start with TLS, and use plain FTP over it
Furthermore the encoding problem is totally a mess on FTP. Some (mainly old ones on Windows) severs only support Local charset, Some (mainly Linux) only support UTF-8 because the "local" charset *is* UTF-8, some have to be enabled with "OPTS UTF8 ON". In addition to these, not all clients support UTF-8 so fixing your own server is not the end of the story.
(I ran a personal FTP server for my local community more than a decade ago and hit all the problems above... I even had to put a bunch of directories starting with ! to tell users how to use this server correctly.)Last edited by zxy_thf; 19 April 2021, 02:19 PM.
Comment
-
-
I don't open PDFs inside browsers and, unless they try to open it automatically, this will not affect me. Seems like a huge security disaster begging to be exploited.
To people defending use of HTTP(S?), well, FTP used to give you creation time, modification time and other timestamp data. HTTP(S?)s? The bastards that create the pages mostly can't bother to pass these important data. I would prefer to drop Firefox usage, if I could.
Comment
-
-
The problem with ftp is that is a over complicated protocol when compared with plain http. It do have some interesting features, but today most clients and server don't even use them... how many people even know that ftp protocol allow one transfer a file between ftp servers, without using the user connection? even worse, most firewalls now simply block that. All ftp users cases can be replaced by plain http or even better, webdav (over http). http at least allow proper proxy, caching and filtering. Now replacing ftp with https is probably a little of waste for speed, but on the other and you gain security (specially if you send authentication) and privacy
Using webdav is way better than ftp, you can even mount remote webdav and use then as normal folders (RW or RO) , allmost all OS (modern windows, mac and linux) know how to use webdav like that.
So no, ftp in browser is really not needed anymore, people can still use filezilla or whatever ftp GUI client they want (or cli ftp), but lets hope that more servers finish the migration to plain http for public mirrors and https for private ones
While i agree that javascript in PDFs is a very bad idea, the problem is that already exists for several years and those PDFs already fail in firefox. Between being forced to use acrobat reader or the firefox PDF reader, i trust much more the firefox one. If they add a option to have that disabled by default, and ask user to allow only for that pdf if the pdf is from trusted sources, it is a win
Comment
-
-
Originally posted by atomsymbol
A mistake is that PDF is just mimicking the properties of a physical paper - only adds a scaling/zoom feature, text search (usually without regular expressions because the general public has very little idea what a regular expression is) and can be digitally signed - not much beyond that.
Computers are interactive in their very nature and can do more than just imitate the properties of physical paper.
Let it be a document, a plain and dumb document, please.
There are other means to make interactive contents.
Comment
-
-
FTP support was already removed from Chrome. There's an industry-wide agreement to drop it from web browsers, because:- Very few people actually use it
- Basic FTP is insecure
- Browsers never implemented secure FTP and adding that isn't trivial
- Users that need it will be better off with a dedicated FTP client anyway
Comment
-
Originally posted by franglais125 View PostRe: embedded Javascript. Here is a similar request for evince/libpoppler https://gitlab.gnome.org/GNOME/evince/-/issues/24
I was looking forward to something like this (for some simple animations I create with tikz, in latex).
On the other hand, I shudder at thinking of future malware taking advantage of this (if it manages to break out of the sandbox, obviously).
(Not trying to hijack the thread with gnome stuff, so please don't derail from here).
Originally posted by kpedersen View Post- I still use FTP a fair amount to get .iso images. HTTPS encryption seems very wastful for this.
- I never want to run any Javascript in a PDF file.
.... good to see the web and its priorities are on track!
bunch of clowns.
Originally posted by rockiron View PostWhy they are removing support for FTP????
What's wrong with FTP????
The fact that Dropbox doesn't support FTP means that Dropbox should support it, not that we should drop it
Originally posted by kylew77 View PostI agree, it is stupid to drop FTP support just like it was stupid to drop gopher support and not add gemini support. These extra protocols shouldn't take up much code and its not like it is hurting anyone to keep them all enabled!
Comment
Comment