Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Actually, I'm pretty sure that's used to let you read webpages stored on file://. That's a feature that has been present in browsers since ~1993. I don't think you can deactivate it.

> And what a pdf reader has to do with javascript is a mystery as well.

It's a pdf reader written in JavaScript, just as there are other pdf readers written in other programming languages.



In that case, is the issue actually specific to pdf.js? If it's written entirely in javascript, could this not be exploited some other way? Or does pdf.js have special permissions in this context?


Well, if I recall correctly, pdf.js is an add-on, so it has special permissions, just like any add-on.


Ah-ha. I believe it can also be run embedded in a page (GitHub does so), so it CAN be run without special permissions.


It used to be an add-on but now it's built-in (since v19, early 2013).




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: