[api-minor]XFA - Add a layer to display XFA forms #13069
Conversation
calixteman
commented
Mar 9, 2021
calixteman
commented
- add an option to enable XFA rendering if any;
- for now, let the canvas layer: it could be useful to implement XFAF forms (embedded pdf in xml stream for the background and xfa form for the foreground);
- ui elements in template DOM are pretty close to their html counterpart so we generate a fake html DOM from template one:
- it makes easier to translate template properties to html ones;
- it makes faster the creation of the html element in the main thread.
calixteman
force-pushed
the
xfa_layer
branch
2 times, most recently
from
ae94a07 to
84a0758
Compare
|
|
||
| class XfaLayer { | ||
| static setAttributes(html, attrs) { | ||
| for (const [key, value] of Object.entries(attrs)) { |
There was a problem hiding this comment.
Just to confirm, only the predefined attributes from the various toHTML can be set here right? I just want to confirm we don't need need to remove any potentially malicious attributes from XFA (e.g. onclick).
There was a problem hiding this comment.
Yeah, normally everything is under control:
- only nodes and attributes defined in spec are in the final form DOM;
- the various
toHTMLfunctions will generate some HTML based on those attributes and nodes.
So it's impossible to have some injections.
XFA can contain some xhtml, by spec nodes and attributes are limited too. And for xhtml nodes style is parsed to filter out any forbidden property:
https://github.com/mozilla/pdf.js/blob/master/src/core/xfa/xhtml.js#L63
So it should be safe.
brendandahl
changed the title
src/display/api.js
Outdated
| @@ -1165,6 +1176,14 @@ class PDFPageProxy { | |||
| )); | |||
| } | |||
|
|
|||
| /** | |||
| * @returns {Promise<Object | null>} A promise that is resolved with | |||
| * an {Object} with a fake DOM object, or `null` if no XFA exists. | |||
There was a problem hiding this comment.
We should describe what fake DOM object means.
- add an option to enable XFA rendering if any;
- for now, let the canvas layer: it could be useful to implement XFAF forms (embedded pdf in xml stream for the background and xfa form for the foreground);
- ui elements in template DOM are pretty close to their html counterpart so we generate a fake html DOM from template one:
- it makes easier to translate template properties to html ones;
- it makes faster the creation of the html element in the main thread.
|
/botio test |
From: Bot.io (Linux m4)ReceivedCommand cmd_test from @calixteman received. Current queue size: 0 Live output at: http://54.67.70.0:8877/9fffb7a6f7ae842/output.txt |
From: Bot.io (Windows)ReceivedCommand cmd_test from @calixteman received. Current queue size: 0 Live output at: http://3.101.106.178:8877/8b5cbe9758360e8/output.txt |
From: Bot.io (Linux m4)FailedFull output at http://54.67.70.0:8877/9fffb7a6f7ae842/output.txt Total script time: 24.46 mins
Image differences available at: http://54.67.70.0:8877/9fffb7a6f7ae842/reftest-analyzer.html#web=eq.log |
From: Bot.io (Windows)FailedFull output at http://3.101.106.178:8877/8b5cbe9758360e8/output.txt Total script time: 29.69 mins
Image differences available at: http://3.101.106.178:8877/8b5cbe9758360e8/reftest-analyzer.html#web=eq.log |
