What does HackerNews think of horrifying-pdf-experiments?

:syringe: Stuff which works in Chrome and maybe Acrobat and Foxit.

Language: Python

SumatraPDF Reader | Oct 2023
Expand Context ↕
I think this is it: https://github.com/osnr/horrifying-pdf-experiments
Firefox 88.0 | Apr 2021
Expand Context ↕
Depends on your PDF viewer... https://github.com/osnr/horrifying-pdf-experiments
A PDF file that has a Breakout game inside | May 2020
Repo here: https://github.com/osnr/horrifying-pdf-experiments
Mathematics all-in-one cheat-sheet (2013) [pdf] | May 2019
Expand Context ↕
https://github.com/osnr/horrifying-pdf-experiments

https://www.alchemistowl.org/pocorgtfo/

Yes. Not only is it possible but historically already an avenue of attack.
PDF Is the World's Most Important File Format | May 2019
Expand Context ↕
Indeed they can: https://github.com/osnr/horrifying-pdf-experiments

(Note, breakout game only works in Chrome's PDF reader)
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group | Sep 2018
Expand Context ↕
Slightly OT, but you would be surprised at how much power PDFs have (especially when opened in Adobe Acrobat/Reader). I recently came across this monstrosity[1] on HN, and the author mentions this:

> Scripts can supposedly do things like make arbitrary database connections, detect attached monitors, import external resources, and manipulate 3D objects.

That's an unprecedented level of power for what is supposedly a simple document format.

That being said, PDFs are only a threat when opened in a with support for these obscure APIs, such as Adobe's own readers. You (probably) will be fine opening untrusted PDFs in Chrome's PDF reader (PDFium) and Preview.

[1]: https://github.com/osnr/horrifying-pdf-experiments
Breakout implemented in JavaScript in a PDF | Sep 2018
From the repository -

"Granted, most PDF readers (besides Adobe Reader) don't implement most of this stuff. But Chrome does implement JavaScript! If you open a PDF file like this one in Chrome, it will run the scripts."

https://github.com/osnr/horrifying-pdf-experiments

Doesn't work in Firefox for me. Try in Chrome if this is all you see on the first page.

  Move your mouse down here!
  also, README below...
Breakout implemented in JavaScript in a PDF | Sep 2018
The repository for this seems to indicate this only works in Chrome and a few other PDF readers[0]. Perhaps the title should be updated to reflect this.

0. https://github.com/osnr/horrifying-pdf-experiments

HTML Kong | Oct 2016
Related: Horrible PDF experiments (play breakout in a PDF document)

https://github.com/osnr/horrifying-pdf-experiments

Horrifying-pdf-experiments | Jul 2016
correct url seems to be https://github.com/osnr/horrifying-pdf-experiments