Table of Contents
Advertisement
Section 5 JavaScript Controls
Configure certificate trust as described in
Certificate trust settings
5.9 Certified document trust
11.0 introduces a new setting that elevates certified documents to a privileged location. When enabled,
certified documents with a valid certification signature whose certificate chains to a trusted root are trusted
in the same way as privileged locations and can therefore override JavaScript restrictions. For details, see
9.3 Certified document
5.10 JavaScript invoked URLs
With 9.3.4, cJavaScriptURL is introduced as part of enhanced security. An untrusted document that
tries to invoke an URL via JS displays the YMB by default. The user is given the option to trust the
document for such actions via the Options button on the YMB.
An untrusted document that tries to invoke an URL via JS displays the YMB by default. The user is given
the option to trust the document for such actions via the Options button on the YMB.
5.10.1 Trusted override
There are several ways to assign trust so that this feature works in a trusted context:
• Users can trust documents on-the-fly when the PDF opens: When the Yellow Message Bar appears,
choose the Options button and then trust the document once or always.
• Create a privileged location via the UI for the file, folder, or host.
• Create a privileged location via the registry/plist by placing a tID at:
[HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cJavaScriptURL]
"t8"="C:\\someTrustedPDF"
5.11 JavaScript injection
You can block JS injection by enabling
Yellow message bar: JavaScript injection
Page 40
9.4 Per-certificate
trust.
Enhanced
trust.
Security.
Application Security Guide
Section 5 JavaScript Controls
Advertisement
Table of Contents
Troubleshooting
