Adobe 22002486 Digital Signature User Guide - Page 139
Setting JavaScript Options
View all Adobe 22002486 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 139 highlights
Acrobat 9 Family of Products Security Feature User Guide External Content and Document Security Setting JavaScript Options 139 Never allow multimedia for untrusted documents: Never trust any certificate for dynamic content and clear your trusted document list. Then configure your Other Document multimedia settings to Never or Prompt. Note: There is no way to guarantee that multimedia won't play based on the trusted document list and certificate trust level alone. Application preferences always override these restrictions. 9.3 Setting JavaScript Options 9.3.1 High Privilege JavaScript Defined High privilege JavaScripts are Acrobat methods with security restrictions. These are marked by an "S" in the third column of the quick bar in the JavaScript for Acrobat API Reference. These methods can be executed only in a privileged context, which includes the console, batch, menu, and application initialization events. All other events (for example, page open and mouse-up events) are considered non-privileged. The description of each security-restricted method indicates the events during which the method can be executed. Beginning with Acrobat 6.0, security-restricted methods can execute in a non-privileged context if the document is certified and the certifier's certificate is trusted for executing embedded high privilege JavaScript. In Acrobat versions earlier than 7.0, menu events were considered privileged contexts. Beginning with Acrobat 7.0, execution of JavaScript through a menu event is no longer privileged. You can execute security-restricted methods through menu events in one of the following ways: By going to Edit > Preferences > JavaScript and checking the item named Enable menu items JavaScript execution privileges. By executing a specific method through a trusted function (introduced in Acrobat 7.0). Trusted functions allow privileged code-code that normally requires a privileged context to execute-to execute in a non-privileged context. For details and examples, see app.trustedFunction in the JavaScript for Acrobat API Reference. 9.3.2 Javascript and Certified Documents Whether JavaScript runs in certified documents depends on whether you have explicitly trusted the certifier's digital ID certificate (directly or indirectly by trusting an issuer on the certificate chain) for that action. You can control script behavior on a per-certificate basis or by using trust anchors. If a signer's certificate chains up to another certificate (a trust anchor) that allows high privileged JavaScript, then high privileged JavaScript will run in that document. For example, some enterprises may issue a MyCompany certificate that allows high privileged JavaScript. If all employee certificates use ExampleCompany as a trust anchor, then they can send and receive certified documents within the company that contain working JavaScript. If you need to enable JavaScript in certified documents, set certificate trust. Tip: Because scripts could potentially change the document's appearance or allow attackers access to your system, participants in certified workflows should consider the source of the document and the security of the workflow before enabling this option.