Tweet
Originally posted by nomadewolf
View Post
-
I am just bitter because I may have to start maintaining a branch of it, and if you follow Chrome/Chromium release, you will notice half of all security issues in Chrome is in PDFium. And the ones they have there are not the design-flaws like in Blink or Chromium, they are full on bad C programming: See the latest stable release announcement for instance:
-
Why bot just make a MuPDF plugin?Comment
-
Yeah. Turns out, when I checked Wikipedia, I tried searching for "DRM" but not "restrictions":Originally posted by timofonic View Post
I really doubt about MuPDF, it's Affero GPL version 3
The PDF format's use restrictions were implemented in Sumatra 0.6,[8] preventing users from printing or copying from documents that the document author restricts, a form of Digital Rights Management. Kowalczyk stated "I decided that [Sumatra] will honor PDF creator's wishes".[9][10][11] Other open source readers like Okular and Evince make this optional, and Debian patches software to remove these restrictions, in accord with the open source principles of interoperability and reuse.[12]Comment
-
Because as shown by the fact that they're FINALLY implementing it now their complaint were bullshit, and entirely summed up as NOT IN HOUSE (CLOSED - WONT FIX). And instead they went off on this asinine bent that they were going to implement all plugins as Javascript instead, which turned out just great... except that it didn't.... not at all...Originally posted by PuckPoltergeist View PostComment
-
If pdf.js also has security issues, then i guess it's ok.Originally posted by carewolf View Post
Maybe with both Firefox and Chrome using PDFium security will improve, as it is a big deal for me also.Comment
-
If pdf.js has security issues, it's because there are security issues in the web content sandbox.Originally posted by nomadewolf View Post
That was the whole point of doing pdf.js rather than writing a plugin based on something like libpoppler. You already have to maintain a sandbox for web content, so make your PDF renderer unpriviledged and run it in the same sandbox to reduce the attack surface. (pdf.js, Shumway, and asm.js were Firefox's answer to the Native Client sandbox.)Comment
-
And now we read again (or first time really?):Originally posted by Luke_Wolf View Post
Nobody ever said it's impossible. It was said, it's not worth the effort. And Mortar may still fail, cause PPAPI isn't fully documented, Flash is using much of this not documented internal APIs and PPAPI is heavily tied to blink. These reasons still exist and we will see, how far Mortar will go.Project Mortar is aiming to explore the possibility to bring PDFium library and the Pepper API based Flash plugin into Firefox.Comment
-
Basically, Project Mortar would be an official version of Wine-derived things like Pipelight, except it'd be the Blink internals they'd be reverse-engineering and chasing after rather than the Win32 internals.Originally posted by PuckPoltergeist View Post
(For those who don't follow Wine development, a non-trivial chunk of their work involves figuring out which undocumented quirk of Windows API behaviour a given application relies on... which, judging by The Old New Thing, could be an old, now-fixed bug that's resurrected by an application profile on real Windows and needs to be added to the appropriate entry in winecfg's Windows version drop-down.)Comment
-
I don't get it? They are working on something that already works? Good grief, that's some work!
https://github.com/i-rinat/freshplayerplugin loaded into browser as I type this, using the latest flash plugin, stable, performant, perfect. If we need to have flash, for a bit more, that is.
As for pdf plugin, I disabled that junk 2 days after it went in. Slow and ugly. Double trouble. They better pay attention when importing junk like that. Better not to even try.Comment
-
This is a wrapper to use the NPAPI plugin as if it was PPAPI.Originally posted by linportal View Post
The main point here is using the PPAPI plugin because NPAPI plugin is bad for security.
Comment
Comment