How safe is Sumatra? Can it execute any kind of code or script?


#1

Hello, I have been wondering about this today. I am not very familiar with how scriptable PDFs are, but I have heard that they can have JavaScript inside to do some things like form validation maybe :man_shrugging:

So is it actually possible to do any kind of harm by just opening a PDF in Sumatra? What is the damage it can do in the worst case scenario?

Thank you for the answers in advance! :slight_smile:


#2

No scripting, forms etc. supported at all to my knowledge, so Sumatra should be as safe as it gets.


#3

I am aware that Sumatra doesn’t support forms at all but I was under the impression that it can do basic JavaScript, since it seems to be able to do LaTeX. Or it might be a totally different thing from being able to process JavaScript :slight_smile:

Hopefully you are right Peter, let us see what @kjk has to say on this matter!


#4

Currently Sumatra doesn’t execute JavaScript in PDF files. JavaScript is not needed for LaTeX support.


#5

Thanks for the reply @kjk! So I guess Sumatra really is as safe as it gets :slight_smile: with no script execution taking place.


#6

@TheDcoder
SumatraPDF is just as secure as most readers go; however, it's still only as safe as its user, since it can follow embedded URLs.
There are ways to make it more secure by blocking external links; see the documentation and forum discussions about restrictions.ini.


#7

@GitHubRulesOK Thanks for the information! The aspect about luring the user to take things outside the PDF Reader (Sumatra) should also be considered as you have mentioned. Here is the link to the restricted use documentation for reference :slight_smile: