"C'mon, I Want Lolcats" or "how to abuse JS in EPUB3"


AlPe
06-13-2013, 10:43 AM
Just a minimal PoC of how one can "abuse" JS embedded in an EPUB3 ebook to show content not easily detectable by just looking at the files inside the EPUB3 (ZIP) container.

In particular, if loaded in a JS-enabled EPUB3 reading system (e.g.: iBooks, Readium, Kobo iOS app), the user will be presented with a "non-existing" image...

http://www.albertopettarin.it/downloads/lolcats.epub

Enjoy (and/or discuss) :D

EDIT: a page discussing the above PoC is here: http://www.albertopettarin.it/lolcats.html
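A defender-side check for the technique described in the post above, as an added example that is not part of the original post or the linked PoC: it lists every manifest item in an EPUB3 container that can run script, including content documents that carry script without declaring the `scripted` property. The names `audit_epub` and `build_sample`, the sample book and its file names are all constructed for illustration.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET  # stdlib parser; harden before parsing untrusted books
NS = {"c": "urn:oasis:names:tc:opendocument:xmlns:container", "opf": "http://www.idpf.org/2007/opf"}
JS_TYPES = {"text/javascript", "application/javascript"}
# Heuristic: a <script> element, or an on* event-handler attribute inside a tag.
INLINE = re.compile(rb"<script\b|<[^>]*\son[a-z]+\s*=", re.I)

def audit_epub(data: bytes) -> dict:
    """Map each manifest item that can run script to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        container = ET.fromstring(z.read("META-INF/container.xml"))
        opf_path = container.find(".//c:rootfile", NS).get("full-path")
        base, names = posixpath.dirname(opf_path), set(z.namelist())
        for item in ET.fromstring(z.read(opf_path)).iterfind(".//opf:item", NS):
            path = posixpath.normpath(posixpath.join(base, item.get("href")))
            reasons = []
            if "scripted" in (item.get("properties") or "").split():
                reasons.append("manifest declares 'scripted'")
            if item.get("media-type") in JS_TYPES:
                reasons.append("JavaScript resource")
            elif path in names and INLINE.search(z.read(path)):
                reasons.append("inline <script> or on* handler")
            if reasons:
                findings[path] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed minimal book (not the PoC from the post), built in memory."""
    item = '<item id="%s" href="%s" media-type="application/%s" %s/>'
    files = {
        "META-INF/container.xml": '<container version="1.0" xmlns="%s"><rootfiles>'
            '<rootfile full-path="OEBPS/content.opf"/></rootfiles></container>' % NS["c"],
        "OEBPS/content.opf": '<package version="3.0" xmlns="%s"><manifest>' % NS["opf"]
            + item % ("a", "plain.xhtml", "xhtml+xml", "")
            + item % ("b", "cat.xhtml", "xhtml+xml", 'properties="scripted"')
            + item % ("c", "hidden.xhtml", "xhtml+xml", "")  # script, but undeclared
            + item % ("d", "js/draw.js", "javascript", "")
            + "</manifest></package>",
        "OEBPS/plain.xhtml": "<html><body><p>Chapter one</p></body></html>",
        "OEBPS/cat.xhtml": '<html><head><script src="js/draw.js"></script></head><body/></html>',
        "OEBPS/hidden.xhtml": '<html><body onload="draw()"><p>Two</p></body></html>',
        "OEBPS/js/draw.js": "function draw() { /* placeholder */ }",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, text in files.items():
            z.writestr(name, text)
    return buf.getvalue()
```

Static inspection like this only shows where script can run; content the script generates at render time still has to be reviewed in a reading system or by reading the script itself.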

Nate the great
06-13-2013, 12:45 PM
LOL. That is funny.

PoP
06-13-2013, 04:08 PM
ROTFL at the mutant cat. Ingenious.

Also, I discovered that Calibre reader is JS-enabled.

JSWolf
06-13-2013, 04:17 PM
Then it's time for JS to be removed from ePub3 before we get more of this sort of nonsense.

AlPe
06-14-2013, 08:28 AM
Sandboxing + limited local storage + no network access (the latter two might be at the user's will) should suffice as a deterrent against "exploitation".

JS brings some benefits (manipulating the DOM might be used for very legitimate and worthy goals) and it fills some implementation gaps (like my Media Overlay emulator JS for reflowable EPUB3 ebooks in iBooks).

I think that the "JS rage" (no offence intended) should be directed towards other targets, like buggy, lacking, or non-coherent implementation of (EPUB) standards.

JSWolf
06-14-2013, 12:55 PM
We don't need or even want JS, audio, video, and all that other garbage the standards committee put into ePub3 to make it less about eBooks and more about flashy stuff.

DaleDe
06-14-2013, 01:10 PM
We don't need or even want JS, audio, video, and all that other garbage the standards committee put into ePub3 to make it less about eBooks and more about flashy stuff.

Actually it seems the major thrust is for children's books. That is what this is all about.

Dale

AlPe
06-17-2013, 04:01 AM
I would distinguish between audio/video and JavaScript, since the latter poses some security issues. With respect to the former, not everyone will need or use them, I agree, but there are books that are quite amenable to being narrated, or for which video material might be helpful, and I do not see a point in barring that possibility.

Kirtai
06-17-2013, 05:12 AM
Audio does have precedent too, in the form of DAISY synchronised audio/prose books.

Turtle91
06-17-2013, 01:06 PM
Wolfie's "we" is obviously the royal "We"...not intended to imply that we all agree with that statement! lol ;)

JSWolf
06-19-2013, 10:10 AM
So who here actually wants JS, audio, video and other worthless things like that in your eBooks? I don't and I've read a lot saying no way.

ePub3 could have been adopted already if the standards committee had not added all this extra junk to it.

AlPe
06-21-2013, 03:20 AM
My (own) company is producing EPUB 3 Audio-eBooks for an Italian audiobook publisher. More than ~1K users bought them already, and I think that having text+audio (not TTS, but "real" human narration) is a pretty interesting experience.

But, of course, someone might prefer just reading the text. Or just listening to the narration.

BTW, you can download a free EPUB3 Audio-eBook of "The Curious Case of Benjamin Button" by F. Scott Fitzgerald here:

http://www.smuuks.it/index.php/en/projects/the-curious-case-of-benjamin-button

Soup~
06-26-2013, 03:16 PM
So who here actually wants JS, audio, video and other worthless things like that in your eBooks? I don't and I've read a lot saying no way.

ePub3 could have been adopted already if the standards committee had not added all this extra junk to it.

Well, universities that are looking to distribute their textbooks (homegrown) to students as ebooks, at least.

The department at the institution I work at has been slowly shifting away from traditional models of textbook publishing/distribution. A few of our textbooks are in ePub and Mobi format and have embedded video files that explain concepts at different parts of the book. I think including videos and other media is something that students appreciate; I was a student not too long ago, and I know I would have appreciated it.

Our institution considered using iBooks Author to create/distribute the textbooks because of its video/audio support (among other features), but eventually opted for just creating ePub to make the publications more accessible to a wider range of students. I'm pretty sure that, if not for ePub also supporting audio/video, however, we would've ended up going with iBooks Author.

JSWolf
06-27-2013, 10:48 PM
By going for ePub3, your institution has made the textbook less accessible to students because there are hardly any programs/apps to handle ePub3.

Morganucopia
06-28-2013, 02:54 PM
Our institution considered using iBooks Author to create/distribute the textbooks because of its video/audio support (among other features), but eventually opted for just creating ePub to make the publications more accessible to a wider range of students. I'm pretty sure that, if not for ePub also supporting audio/video, however, we would've ended up going with iBooks Author.

An excellent, fully standards-compliant, free EPUB3 reader is Readium (http://readium.org/) and it's available as an extension to Google Chrome (https://www.google.com/intl/en/chrome/browser/). Perhaps your students can use that to read their textbooks. Plus, there's always Calibre (http://calibre-ebook.com/). :thumbsup:

DaleDe
06-28-2013, 09:38 PM
An excellent, fully standards-compliant, free EPUB3 reader is Readium (http://readium.org/) and it's available as an extension to Google Chrome (https://www.google.com/intl/en/chrome/browser/). Perhaps your students can use that to read their textbooks. Plus, there's always Calibre (http://calibre-ebook.com/). :thumbsup:

And a new competitor for Google OS and Readium is the new Firefox OS. It now supports AZARDI for ePub 3. A Windows version as a standalone is also available.
Apple is an ePub format also although it has some extensions to that format and some idiosyncrasies.

Dale

JSWolf
06-29-2013, 04:40 PM
The problem with Readium is that it requires Chrome. I would not insist that students infect their computers with Chrome.

JSWolf
06-29-2013, 04:42 PM
Apple is an ePub format also although it has some extensions to that format and some idiosyncrasies.

Dale

Apple is not a computer program.

DaleDe
06-29-2013, 06:31 PM
Apple is not a computer program.

Oops, sorry, I meant iBooks of course.