EPUB "security", handling malicious / evil publications (JavaScript, etc.) #1937
danielweck started this conversation in Developer corner
PDF paper from late 2020, no mention of Readium / Thorium, but Aldiko and Bluefire readers are included in the test results:
https://gjfr.dev/pdf/epub_ieee_ssp
The author(s) is/are active contributors to the official EPUB tests:
https://github.com/GJFR
https://github.com/w3c/epub-tests/commits?author=GJFR
Repository of “evil” EPUBs:
https://github.com/DistriNet/evil-epubs
Original Twitter announcement:
https://twitter.com/GJFR_/status/1397526785370247171
Specification work:
https://www.w3.org/TR/epub-rs-33/#sec-scripted-content-security
https://www.w3.org/TR/epub-rs-33/#sec-security-privacy
Notable issue:
w3c/epub-specs#2548
Action item in Thorium: none for now, but let's watch this space in case there are "security holes" we should fix (currently, no explicit user consent for network communication, script execution, etc.).