weinzierl 7 days ago

My point is that nothing runs without at least one initial user interaction - which makes a big difference for security.

I believe this is even true for Acrobat with default settings, because while you can trigger JavaScript when a document is opened (/OpenAction) Acrobat will ask for permission.

1
brumar 7 days ago

I think I got your point but might have expressed myself badly. The pdf can run js and messes with the display right at opening time, without any warning or ask for permission.

1 reply
weinzierl 7 days ago

Exactly, thanks for the clarification.