Register Guidelines E-Books Today's Posts Search

Go Back   MobileRead Forums > E-Book Software > Calibre > Viewer

Notices

Reply
 
Thread Tools Search this Thread
Old 05-02-2022, 06:29 AM   #1
edp445
Junior Member
edp445 began at the beginning.
 
Posts: 1
Karma: 10
Join Date: May 2022
Device: none
Question Disable JavaScript in the ebook-viewer

Hello there . I've been using Calibre to manage my e-book library for a while now, but I've recently started to use the integrated ebook-viewer to read ebooks on the computer at home.

One feature of Calibre's ebook-viewer that concerns me is the support for embedded JavaScript within EPUB books - I've verified that Calibre supports embedded JavaScript with [this](https://github.com/fxpar/interactive-epub-checker) EPUB3 file.

Even with sandboxing enabled in the Chromium engine, I'm still concerned about the security implications of the ebook-viewer executing random pieces of JavaScript from books that may have come from untrusted sources.

Even if there is absolutely no security concern, the idea of a random EPUB file being able to modify its' own content is unnerving, and I'd much rather be able to disable it.

For example, Firefox's PDF.js recently implemented JavaScript within PDF files (which I believe is equally as nonsensical). Here, the scripting can be disabled by a special feature flag in about:config. It would be great if there was an equivalent for Calibre's ebook-viewer as well - it would improve security and also give me peace of mind!

Thank you
edp445 is offline   Reply With Quote
Old 05-02-2022, 07:09 AM   #2
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 45,242
Karma: 27110894
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
Sorry, I have no interest in implementing such a feature. calibre's viewer is based on chromium and all book javascript is executed in a separate process (via a iframe). If you think that's insecure I assume you also browse the internet with JS disabled. And if you do that, you might as well just convert your books to a format without support for JS and read that. Use FB2 or DOCX
kovidgoyal is offline   Reply With Quote
Advert
Reply


Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to disable CSS property in viewer? odonterla Calibre 2 05-14-2020 10:50 PM
E-book viewer - disable TOC sync ? vilius Calibre 2 04-10-2014 09:29 AM
Disable Javascript in Book View TheGreatGig Sigil 7 11-21-2011 09:32 AM
[old-topic]ebook-viewer: Open source, crossplatform viewer for EPUB, LIT, MOBI, etc kovidgoyal Calibre 68 05-30-2011 08:46 PM
# user css for viewer.py/ ebook-viewer/ prs-650 tscamera Calibre 0 01-02-2011 06:28 PM


All times are GMT -4. The time now is 11:45 PM.


MobileRead.com is a privately owned, operated and funded community.