JSPrefs (JavaScript Controls)
JavaScript preferences turn script execution on and off, configure security options, and so on for the end user. For script authors, options are provided for configuring the debugger and preferred editor. This feature has several facets that interact with enhanced security and the TrustManager preferences.
Related resources:
This preference category contains the following subfeature(s):
JavaScript Execution Controls
These preferences enable granular control of JavaScript execution. Options include:
- Disabling JS globally
- Specifying whether global (document to document) object access is allowed
- Specifying specific APIs and invoking mechanisms via a whitelist or blacklist
Summary table
BlackList |
Enables the selective blocking of vulnerable JS APIs. |
DisableJavaScript |
Specifies whether to globally disable and lock JavaScript execution. |
EnableGlobalSecurity |
Controls whether or not a script in one sandbox can access a script object in another sandbox. |
EnableJS |
Toggles JavaScript execution on and off globally; when off, the PDF cannot execute JavaScript. |
EnableMenuItems |
Toggles off and on JavaScript's ability to execute menu items. |
WhiteList |
The whitelist of menu items that can be executed via JavaScript. |
|
Data type |
0 (bool)
|
Default |
1 |
Version # |
7.x+ |
User Path |
JSPrefs |
Lock Path |
Not lockable |
Summary |
Toggles JavaScript execution on and off globally; when off, the PDF cannot execute JavaScript. |
Details |
When the user's ability to create privileged locations is not disabled and locked, end users can bypass disabled JS by choosing Trust once or Trust Always via the Options button on the Yellow Message Bar. Admins can disable and lock JS execution by setting
bDisableJavaScript to 0 in HKLM. |
GUI mapping |
Preferences > JavaScript > JavaScript panel > Enable Acrobat JavaScript |
|
Data type |
0 (bool)
|
Default |
null |
Version # |
9.5 and 10.1.2+ |
Lock Path |
FeatureLockDown |
Summary |
Specifies whether to globally disable and lock JavaScript execution. |
Details |
This lockable setting can prevent end users from bypassing JS restrictions via privileged locations. Possible values include:
- 0 or null: Don't disable JS.
- 1: Disable and lock JS.
|
GUI mapping |
N/A |
|
Data type |
5 (text)
|
Default |
Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|..... etc. See the actual whitelist. |
Version # |
8.0+ |
Lock Path |
FeatureLockDown |
Summary |
The whitelist of menu items that can be executed via JavaScript. |
Details |
The default value may vary across versions. Some menu items can never be invoked via JavaScript.
In Acrobat 8 Adobe introduced a list of menu-item names captured in a whitelist that can be invoked via JavaScript. If a menu-item name appears on the list, then it can be executed from a non-privileged context, like a document script. If a menu-item name does not appear on the list, then that menu item can only be executed from a privileged context. Privileged contexts include the console window, a batch sequence and a trusted function.
Menu items can be added and removed from this list for individual Acrobat installations. Changing the whitelist works very well for closed environments, a single office for example. It's not practical to change the list for more distributed groups of users. The items not on this list by default are typically suitable only for use in an automation script. They should only be considered for document scripting under special circumstances.
Note:
For a complete article, see
Executing Acrobat Menu Items from JavaScript
Note:
When the Wizard is used to set this preference, it writes to cAdminExecMenuItems .
|
GUI mapping |
N/A |
|
Data type |
0 (bool)
|
Default |
1 |
Version # |
7.0+ |
User Path |
JSPrefs |
Lock Path |
Not lockable |
Summary |
Controls whether or not a script in one sandbox can access a script object in another sandbox. |
Details |
By default, scripts can not access objects outside the current document sandbox. With 9.x and later, such communication only works in the standalone application since both the Acrobat and Reader browser-based viewer opens each window in a discrete browser instance. |
GUI mapping |
Preferences > JavaScript > JavaScript Security panel > Enable global object security policy |
|
Data type |
5 (text)
|
Default |
null |
Version # |
9.2+ |
User Path |
See details. |
Lock Path |
FeatureLockDown |
Summary |
Enables the selective blocking of vulnerable JS APIs. |
Details |
tBlacklist maintains a list of restricted Acrobat JavaScript APIs that may present a security risk in some environments. The list specifies particular JS APIs rather than blocking the entire set of Acrobat JavaScript APIs by disabling Acrobat JavaScript. If the feature is not locked down, the user can override blacklist settings via a privileged location. Note that both the locked down and non-locked down lists reside in HKLM: There is an admin list and a user list:
- HKLM\SOFTWARE\Adobe\Adobe Acrobat\(version)\JavaScriptPerms\tBlackList
- HKLM\SOFTWARE\WOW6432Node\Policies\Adobe\Adobe Acrobat\(version)\FeatureLockDown\cJavaScriptPerms\tBlackList
Possible values include:
- An user specified list of blacklisted APIs in HKCU.
- An admin specified list of blacklisted APIs in HKLM.
For additional security-related details, refer to the Application Security Guide. |
GUI mapping |
N/A |
JavaScript Debugger
Configures the JavaScript Debugger.
Summary table
JavaScript Editor
Specifies which editor to use and configures its font and font size.
Summary table
ChooseDialog |
Specifies wither or not to use the Acrobat editor or an external editor. |
EditorFontName |
Specifies the font for the script editor. |
EditorFontSize |
Specified the font size for the script editor. |
EditorPath |
Provides a path to an external editor. |