back to article Doh! WikiLeaks' PDF viewer springs XSS vuln

Wikileaks' Flash-powered PDF reader has sprung a vulnerability or two. The whistle-blowing website uses an open source Flash library called FlexPaper to display PDF files. Unfortunately various coding errors left FlexPaper open to cross site scripting and content spoofing. Developers behind the open source web based document …

  1. Spender

    Flash?

    That's quaint. All the cool kids are using pdf.js.

    http://mozilla.github.io/pdf.js/web/viewer.html

    On a site that's related to security matters and secrecy, given its prior record, doing stuff in Flash seems foolhardy

    1. Anonymous Coward
      Anonymous Coward

      Re: Flash?

      As someone who works under the hood on PDF, I am sorry to inform you that pdf.js is shit. It handles the easy stuff OK, but there's an awful lot it doesn't handle correctly, or at all. Customers finding documents are rendered incorrectly in pdf.js and filing bug reports with us make it the bane of our lives.

      1. Spender

        Re: Flash?

        ...but you're still using it in preference to FlexPaper, right?

  2. PNGuinn
    Stop

    MORONS

    See Title. That is all

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022