Hi, we are using apache PDFBox to simply add a new page with some text to an already existing PDFFile. Now we got a new requirement that wants us to insert free-text chosen by the customer to be inserted into the file. This make me actually some kind of nervous because I am not sure if it is possible to inject malicious code into the pdf-file using the following code-block: contentStream.beginText(); contentStream.setFont(font, fontSize); contentStream.newLineAtOffset(marginLeft, texty); contentStream.showText(text); contentStream.endText();
Can anyone help me here? My guess would be that it is not possible because PDFBox is probably inserting the text - whatever it may contain - as simple text into the pdf-file. But I am not sure of it. Best regards Pascal [cid:Logo-Governikus-2021-Mail-Footer_02_76dcf085-1277-4d10-a749-2ff785460c85.png] Hauptsitz: Hochschulring 4, 28359 Bremen Niederlassungen: Universitätsstr. 2, 10117 Berlin | Herwarthstraße 1, 50672 Köln | Johannesstr. 162, 99084 Erfurt Governikus GmbH & Co. KG Aufsichtsratsvorsitzende: Carola Heilemann-Jeschke Geschäftsführer: Dr. Stephan Klein, Holger Mohrmann Amtsgericht Bremen HRA 22041 | St.-Nr. 60/100/04568 | USt-ID DE203827312 Persönlich haftende Gesellschafterin: Governikus Bremen GmbH Geschäftsführer: Dr. Stephan Klein, Holger Mohrmann Amtsgericht Bremen HRB 18756 **************************************************** Veranstaltungsvorschau: Besuchen Sie uns... SCCON | 26.-27.10.2021 | Virtuell https://www.smartcountry.berlin/de/ 8. Zukunftskongress Staat & Verwaltung | 13.-15.12.2021 | bcc Berlin https://www.zukunftskongress.info/de/8-Zukunftskongress OMNISECURE | 24.-26.01.2022 | Berlin https://omnisecure.berlin/ Governikus Jahrestagung | 23.-24.02.2022 | Berlin https://www.jahrestagung.governikus.de/
