Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files. CSP is used to enforce that the JavaScript and styling properties within the WebView are entirely static.

License

MIT, Apache-2.0 licenses found

Licenses found

MIT
LICENSE
Apache-2.0
PDFJS_LICENSE
NotificationsYou must be signed in to change notification settings

GrapheneOS/PdfViewer

Simple Android PDF viewer based on pdf.js and content providers. The appdoesn't require any permissions. The PDF stream is fed into the sandboxedWebView without giving it access to the network, files, content providers orany other data.

Content-Security-Policy is used to enforce that the JavaScript and stylingproperties within the WebView are entirely static content from the APK assetsalong with blocking custom fonts since pdf.js handles rendering those itself.

It reuses the hardened Chromium rendering stack while only exposing a tinysubset of the attack surface compared to actual web content. The PDF renderingcode itself is memory safe with dynamic code evaluation disabled, and even ifan attacker did gain code execution by exploiting the underlying web renderingengine, they're within the Chromium renderer sandbox with less access than itwould have within the browser.

Sponsor this project

  •  

Contributors21

[8]ページ先頭
©2009-2025 Movatter.jp