Security
Overview
JavaScript in PDF documents operates under a security model that protects users from potentially harmful operations. Certain functions are marked as "secure" and can only be executed in trusted contexts.
Secure vs. Non-Secure Functions
Non-Secure Functions - Can be called from any context:
- Reading form field values
- Basic calculations
- Displaying alerts
- Navigating pages
- Form manipulations
Secure Functions - Require elevated privileges:
- File system operations (util.readFileIntoStream, util.writeToFile)
- Launching URLs (app.launchURL)
- Path operations (app.getPath)
- Data import/export operations
Trust Levels by Context
Event and Document Scripts
Both run in an untrusted context and cannot execute secure functions directly:
// Button event or document script - WILL FAIL
var stream = util.readFileIntoStream("/C/data.txt") // Security error!
Folder-Level Scripts
Can define trusted functions that execute secure operations:
// Folder-level script - CAN define trusted functions
var trustedReadFile = app.trustedFunction(function(path) {
    app.beginPriv() // Elevate privileges
    var stream = util.readFileIntoStream(path)
    app.endPriv() // Return to normal
    return stream
})
This pattern uses app.trustedFunction, app.beginPriv, and app.endPriv to handle secure operations.
Creating Trusted Functions
The pattern for trusted functions:
var myTrustedFunction = app.trustedFunction(function(parameters) {
    app.beginPriv() // Start privileged block
    // Secure operations here
    var result = someSecureOperation()
    app.endPriv() // End privileged block
    return result
})
Key points:
- Must be defined in folder-level scripts
- app.beginPriv() and app.endPriv() wrap secure operations
- Can be called from untrusted contexts
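Because a trusted function can be called from untrusted contexts, its arguments should be validated before privileges are raised. The following is an added example, not code from the original page: a folder-level file reader that only accepts paths inside one directory. ALLOWED_ROOT, ALLOWED_EXT, isAllowedPath and trustedReadAllowedFile are hypothetical names, and the directory and extensions are assumed values.

```javascript
// Added example: folder-level script. ALLOWED_ROOT, ALLOWED_EXT and
// isAllowedPath are hypothetical names chosen for this illustration.
var ALLOWED_ROOT = "/C/RevuData/";   // assumed directory, device-independent form
var ALLOWED_EXT = [".txt", ".csv"];  // assumed extension allow-list

// Pure check, no privileges needed: true only for a plain file inside ALLOWED_ROOT.
function isAllowedPath(path) {
    if (typeof path !== "string" || path.length === 0) return false;
    // Reject backslashes and control characters instead of trying to normalise them.
    if (/[\\\x00-\x1f]/.test(path)) return false;
    // Prefix comparison is case-insensitive, matching Windows path behaviour.
    if (path.toLowerCase().indexOf(ALLOWED_ROOT.toLowerCase()) !== 0) return false;
    var segments = path.slice(ALLOWED_ROOT.length).split("/");
    for (var i = 0; i < segments.length; i++) {
        // Empty, "." and ".." segments could step outside the allowed directory.
        if (segments[i] === "" || segments[i] === "." || segments[i] === "..") return false;
    }
    var name = segments[segments.length - 1].toLowerCase();
    for (var j = 0; j < ALLOWED_EXT.length; j++) {
        var ext = ALLOWED_EXT[j];
        if (name.length > ext.length && name.slice(-ext.length) === ext) return true;
    }
    return false;
}

// Register the trusted wrapper only where the PDF JavaScript host objects exist.
if (typeof app !== "undefined" && typeof util !== "undefined") {
    var trustedReadAllowedFile = app.trustedFunction(function (path) {
        // Validate before elevating: the caller may be an untrusted document script.
        if (!isAllowedPath(path)) {
            throw new Error("Path not permitted: " + path);
        }
        app.beginPriv();
        try {
            return util.readFileIntoStream(path);
        } finally {
            app.endPriv(); // Drop privileges even if the read throws
        }
    });
}
```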
Trust Propagation
Helper functions that need privileges use app.trustPropagatorFunction():
// Helper that needs privileges
var trustedHelper = app.trustPropagatorFunction(function() {
    app.beginPriv()
    var path = app.getPath("user", "documents")
    app.endPriv()
    return path
})
// Main trusted function
var trustedMain = app.trustedFunction(function() {
    app.beginPriv()
    var path = trustedHelper() // Helper inherits trust
    // Do something with path
    app.endPriv()
})
Alternative Trust Methods
Besides folder-level scripts, trust can be established through:
- Trusted Locations: Mark folders as trusted in Revu preferences
- Certified PDFs: Digitally signed PDFs with trusted certificates
These are configured through Revu's UI, not JavaScript.
Quick Reference
Establishing trust:
- Only possible in folder-level scripts
- Use app.trustedFunction()
- Wrap secure code with beginPriv/endPriv
Common secure operations:
- File I/O
- System paths
- URL launching
- Data import/export
Moving Forward
Understanding trusted functions and the security model enables powerful automation while maintaining safety. Folder-level scripts are the key to bridging the gap between untrusted PDF contexts and secure system operations. Next up, we will look at a few more PDF-specific concepts you will need.