Examples Of Prevented Behavior; Examples Of Allowed Behavior - Adobe 22002486 User Manual

For Acrobat 9.0 and Adobe Reader 9.0

Acrobat 9 Family of Products
Security Feature User Guide
External Content and Document Security
Changes in FDF Behavior

Table 17 Rules for opening a PDF via FDF

| Action | FDF location | PDF location | 8.x behavior | 9.x behavior |
|---|---|---|---|---|
| Data injection | n/a | n/a | Allowed | Allowed if: data returned via a form submit with url#FDF; FDF has no /FDF key; cross-domain policy permits it. |
| Data injection | server | browser | Allowed | Allowed if: link to PDF contains #FDF=url; FDF has no /FDF key; x-domain policy permits it. |
| Data injection | server | Acrobat/Reader | Allowed | Allowed if: PDF makes EFS POST/GET and FDF sends data in https response to same PDF; x-domain policy permits it. |
| Data injection | Varied | Varied | Allowed | Authorization required if enhanced security is on and document is not set as a privileged location. |
| Script injection | Any | Any | Allowed | Injection is blocked if enhanced security is on and FDF is not in a privileged location. |

Examples of Prevented Behavior

The following are examples of disallowed actions when Enhanced Security is on:
- If the PDF opens in the browser, and the URL to the PDF contains a #FDF=url, then the FDF data specified by that URL may be injected into the open PDF if the FDF has no /F key and if the PDF may receive data from the FDF based on the cross-domain policy.
- If the PDF opens in the Acrobat/Reader standalone application and the FDF data comes back in the https response to a POST/GET initiated by the PDF, then the FDF data may be injected into the open PDF if the PDF specified in the FDF is the PDF that made the POST/GET and if the PDF may receive data from the FDF based on the cross-domain policy (i.e. * in crossdomain.xml).

Examples of Allowed Behavior

The following are examples of scenarios where FDF data injection does need a user-authorization dialog when Enhanced Security is on:
- You submit data from a PDF in the browser and the URL has #FDF at the end. The FDF that comes back has an /F key pointing to a different PDF which needs to get loaded (everything is happening in the browser). The FDF data gets injected into the second PDF.
- Same as above, except it all happens in Acrobat rather than in the browser. In this case, the #FDF at the end of the URL is not needed.
- The "spontaneous FDF" case: In the browser, an unsolicited FDF arrives (via a link from an HTML page, and Acrobat is not running yet), and the FDF has an /F key for a PDF that it needs to open and populate.
- Opening a link of the form http://A.com/file.pdf#FDF=http://B.com/getFDF.
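
The browser-side rules above, modeled as a link triage check. This is an added example, not code from the Adobe guide. The function names, the verdict strings, the simplified /F regex and the `permitted_pairs` set standing in for the cross-domain policy lookup are all assumptions.

```python
import re
from urllib.parse import urlsplit

# Simplified test for an /F key (string or file-spec dictionary value) in an FDF body.
F_KEY = re.compile(rb"/F\s*[(<]")
# The page writes '#FDF=url' at the end of the URL; matching case-insensitively is an assumption.
FDF_FRAGMENT = re.compile(r"(?:^|&)FDF=(.+)$", re.IGNORECASE)


def fdf_target(link):
    """Return the FDF URL named in the link's '#FDF=url' fragment, or None."""
    match = FDF_FRAGMENT.search(urlsplit(link).fragment)
    return match.group(1) if match else None


def classify(link, fdf_body, permitted_pairs, enhanced=True, privileged=False):
    """Return 'no-fdf', 'inject' (no dialog) or 'prompt' (authorization dialog)."""
    target = fdf_target(link)
    if target is None:
        return "no-fdf"
    if not enhanced or privileged:
        # Reading of the 'Varied' row: authorization is required only when enhanced
        # security is on and the document is not in a privileged location.
        return "inject"
    if F_KEY.search(fdf_body):
        return "prompt"  # the FDF names a PDF to load through its /F key
    pair = (urlsplit(link).hostname, urlsplit(target).hostname)
    return "inject" if pair in permitted_pairs else "prompt"


# Constructed sample data (not from the manual).
FDF_PLAIN = b"%FDF-1.2\n1 0 obj\n<< /FDF << /Fields [ << /T (name) /V (Ann) >> ] >> >>\nendobj\n"
FDF_WITH_F = b"%FDF-1.2\n1 0 obj\n<< /FDF << /F (other.pdf) /Fields [] >> >>\nendobj\n"
PERMITTED = {("a.com", "a.com")}  # stand-in for the cross-domain policy lookup

if __name__ == "__main__":
    samples = [
        ("http://A.com/file.pdf", FDF_PLAIN),
        ("http://A.com/file.pdf#FDF=http://A.com/data.fdf", FDF_PLAIN),
        ("http://A.com/file.pdf#FDF=http://A.com/data.fdf", FDF_WITH_F),
        ("http://A.com/file.pdf#FDF=http://B.com/getFDF", FDF_PLAIN),
    ]
    for link, body in samples:
        print(classify(link, body, PERMITTED), link)
```

URL fragments are not sent to the server, so a check like this applies to links collected from HTML pages or mail rather than to web server logs.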
This manual is also suitable for:

Digital signature
