Hello there
. I've been using Calibre to manage my e-book library for a while now, but I've recently started to use the integrated ebook-viewer to read ebooks on the computer at home.
One feature of Calibre's ebook-viewer that concerns me is the support for embedded JavaScript within EPUB books - I've verified that Calibre supports embedded JavaScript with [this](
https://github.com/fxpar/interactive-epub-checker) EPUB3 file.
Even with sandboxing enabled in the Chromium engine, I'm still concerned about the security implications of the ebook-viewer executing random pieces of JavaScript from books that may have come from untrusted sources.
Even if there is absolutely no security concern, the idea of a random EPUB file being able to modify its' own content is unnerving, and I'd much rather be able to disable it.
For example, Firefox's PDF.js recently implemented JavaScript within PDF files (which I believe is equally as nonsensical). Here, the scripting can be disabled by a special feature flag in about
:config. It would be great if there was an equivalent for Calibre's ebook-viewer as well - it would improve security and also give me peace of mind!
Thank you