We're sorry Aspose doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.com

Securing Document Disables JavaScript and Convert XFA to Acroform using Aspose.PDF for .NET

Hello,

I am needing to implement document privileges on a PDF that contains custom JavaScript. When the code below is applied, the JavaScript does not work:

 DocumentPrivilege documentPrivilege = DocumentPrivilege.ForbidAll;
        documentPrivilege.AllowPrint = true;
        documentPrivilege.AllowAssembly = false;
        documentPrivilege.AllowCopy = false;
        documentPrivilege.CopyAllowLevel = 1;
        documentPrivilege.ChangeAllowLevel = 4;
        documentPrivilege.AllowScreenReaders = true;

        
        //Secure without a password
        pdfDocument.Encrypt(string.Empty, string.Empty, documentPrivilege, CryptoAlgorithm.AESx128, false);

Any help would be appreciated!

Thanks,

Bill

Hi Bill,


Thanks for using our API’s.

Can you please share the resource file, so that we can test the scenario in our environment. We are sorry for this inconvenience.

Hello,



I have uploaded a sample PDF that contains custom JavaScript that was implemented via Aspose PDF, and secured via the same. The button at the top should bring you to a page below, the reset should clear all form fields, and the check boxes on the second page all implement custom code as well.



Appreciate any help into the question why securing the document disables the JavaScript.



Thanks,



Bill

Hi Bill,


Thanks for sharing the resource file.

I am able to notice that JavaScript is disabled against buttons present inside the document. However we request you to please share the resource/input PDF file on which you have applied security settings. We are sorry for this inconvenience.

Hello,



I have attached 2 files:



1. output before security.pdf - PDF file containing form controls generated by Aspose PDF before security was applied. All the JavaScript is functional.



2. output after security.pdf - the same file after security has been applied. The JavaScript has become disabled.



Thanks,



Bill

Hi Bill,


Thanks for sharing the resource file.

I have tested the scenario using latest release of Aspose.Pdf for .NET 11.6.0 and I am unable to notice any issue. As per my observations, the JavaScripting is properly being preserved inside PDF file. For your reference, I have also attached the output generated over my end.

[C#]

Document pdfDocument = new Document(“c:/pdftest/output+before+security.pdf”);<o:p></o:p>

DocumentPrivilege documentPrivilege = DocumentPrivilege.ForbidAll;

documentPrivilege.AllowPrint = true;

documentPrivilege.AllowAssembly = false;

documentPrivilege.AllowCopy = false;

documentPrivilege.CopyAllowLevel = 1;

documentPrivilege.ChangeAllowLevel = 4;

documentPrivilege.AllowScreenReaders = true;

//Secure without a password

pdfDocument.Encrypt(string.Empty, string.Empty, documentPrivilege, CryptoAlgorithm.AESx128, false);

pdfDocument.Save(“c:/pdftest/output+before+security_resultant.pdf”);

I was able to do this successful by first doing all the processing that I was originally doing, saving the file, then re-opening it to insert the security features. This parallels your experience. I’ve attached a screenshot of the security requirements that I have. Could you let me know how I can achieve this? Specifically, I need to not allow comments, allow signing, and not allow creation of template pages.

Thanks,

Bill

Hi Bill,


Thanks for sharing the details.

Your above stated requirements (exception Allow creation of Template pages) can be accomplished using following code snippet. Please note that ISO standard does not support this feature and therefore can not be implemented in our API. The creation of template page are supported in Adobe Pro (has GUI to accomplish these tasks), but Acrobat Reader also does not support this feature.

For your reference, I have also attached the image file showing access privileges over PDF file through following code snippet.

[C#]

Document pdfDocument = new Document(“c:/pdftest/output+before+security.pdf”);<o:p></o:p>

DocumentPrivilege documentPrivilege = DocumentPrivilege.ForbidAll;

documentPrivilege.AllowPrint = true;

documentPrivilege.AllowAssembly = false;

documentPrivilege.AllowCopy = false;

documentPrivilege.CopyAllowLevel = 1;

documentPrivilege.ChangeAllowLevel = 1;

documentPrivilege.AllowScreenReaders = true;

//Secure without a password

pdfDocument.Encrypt(string.Empty, string.Empty, documentPrivilege, CryptoAlgorithm.AESx128, false);

pdfDocument.Save(“c:/pdftest/output+before+security_resultant.pdf”);

Thank you, that worked fine.



I have another security issue related to a specific file that contains JavaScript that has been added to it via Aspose PDF. The attached file GP5124NM_ip.pdf contains form fields added via Aspose PDF, along with JavaScript code for both the OnOpenPage and OnLostFocus events. All the scripts are functioning as expected. However, when we apply the security as specified in this thread, the resulting file (GP5124NM_op.pdf) does not behave the same. Specifically, the OnOpenPage event for several fields is supposed to set those fields to read only. When security is applied to the file, this code does not execute correctly and the fields are not read only after the file is opened. Please compare the state of the 2 attachments to see what I mean. Would appreciate some insight as to what might be causing this issue.



Thanks,



Bill

Hi Bill,


Thanks for contacting support.

I have gone through problem description and as per my understanding, the fields inside PDF document need to be Read-Only as we are setting value for AllowAssembly as False. Please note that during my testing with Aspose.Pdf for .NET 11.7.0 and as per my observations, the fields are being marked as ReadOnly. For your reference, I have also attached the output generated over my end. Can you please take a look and in case I am missing something, please share some further details.

[C#]

Document pdfDocument = new Document(“c:/pdftest/GP5124NM_ip.pdf”);<o:p></o:p>

Aspose.Pdf.Facades.DocumentPrivilege documentPrivilege = Aspose.Pdf.Facades.DocumentPrivilege.ForbidAll;

documentPrivilege.AllowPrint = true;

documentPrivilege.AllowAssembly = false;

documentPrivilege.AllowCopy = false;

documentPrivilege.CopyAllowLevel = 1;

documentPrivilege.ChangeAllowLevel = 1;

documentPrivilege.AllowScreenReaders = true;

//Secure without a password

pdfDocument.Encrypt(string.Empty, string.Empty, documentPrivilege, CryptoAlgorithm.AESx128, false);

pdfDocument.Save("c:/pdftest/GP5124NM_ip_resultant.pdf");

FYI we are setting documentPrivilege.ChangeAllowLevel = 2 (not 1)

In the sample that you ran, none of the JavaScript would run at all, which is actually worse than what I am seeing. The file GP5124NM_ip.pdf is fully functional and shows how the final secured should behave. Textboxes are disabled when the document is opened and checking a checkbox will enable them. Entering a numeric value will cause the sum to update at the bottom.

Note that I am using JavaScript to disable certain textboxes when the document opens because when I did this server side, the OnLostFocus client side event would not fire (code to update the sum at the bottom). Everything is working fine, except after applying the security to the document, the code in the OnOpenPage event for each textbox does not work, and the textboxes are not being disabled when the document opens.

When I open the file in Adobe Acrobat Pro DC, the JavaScript debugger shows multiple errors such as:

NotAllowedError: Security settings prevent access to this property or method.
Field.readonly:2:Annot undefined:Open

The above errors are not happening for files that have not been secured. Somehow applying security is not allowing me to set the readonly property of the form fields.

I don’t care if this is done client side or server side. As I said above, setting the initial readonly value to true on the server resulted in other JavaScript not working correctly. Would really appreciated guidance here.

Thanks,

Bill

Hi Bill,


Thanks for sharing the details.

I have logged above stated problem as an investigation ticket as PDFNET-41215 in our issue tracing system. We will further look into the details of this problem and will keep you updated on the status of correction. Please be patient and spare us little time. We are sorry for this inconvenience.

OK, we appreciate your help. While that research is taking place, I am hoping you could help me take a step back and review how we can best solve the business requirements that we have (perhaps a different approach will get us there). Please follow these steps to understand what we’re trying to do:


  1. Open the file GP5124NM_ip.pdf (attached again for reference).
  2. Go to the section marked “2. Deposit Information” located on the first page.
  3. When you open the file, the form fields next to “External Transfer,” “Recurring Money,” and all form fields in the columns below should be disabled.
  4. Click on the checkbox next to the text “External Transfer.” All the associated form fields should become enabled. When the checkbox is unchecked, all associated form fields should become disabled again.
  5. When the form fields in either column receive a numeric value, the read only text box at the bottom of the column will update with the sum of all form fields in the column.
The form fields are being inserted into the PDF programmatically as Aspose.Pdf.InteractiveFeatures.Forms.TextboxField objects.

I was originally setting the TextBoxField object ReadOnly = true to get them to be disabled when the document opens. I then set the OnLostFocus action of the TextBoxField with script that performed the sum calculations. However, when the TextBoxField was set to ReadOnly server side, the script would not work. I then when about to disable each form field using JavaScript when the document opens by setting the OnOpenPage action of the TextBoxField. This is the approach currently used in the attached file, and it works, except when you apply security.

So there is a more in depth explanation of what we’re trying to do. Is there a better way to accomplish the above?

We appreciate your prompt response as this is affecting a production customer implementation.

Thanks,

Bill

Hi Bill,


Thanks for sharing the details.

I have gone though above stated description and as per my understanding, you have added JavaScript inside PDF file to enable/disable TextBoxFields inside PDF document and once you have applied the security, the JavaScript is disabled.

Now after applying security, your concern is to disable certain form fields which can be accomplished by flattening PDF file or converting this document to Standard Acro form. In order to flatten the form fields, please try using Document.Flatten(); method.

In order to convert XFA form to Standard AcroForm, please try following instructions specified over Convert Dynamic XFA Form to Standard AcroForm

In case I have not properly understood your requirement or you have any further query, please feel free to contact.

Hello,


Please let me clarify - the security is being applied programmatically via the code earlier in this thread as the last step before the document is delivered to end users. We do not want to flatten the document (this as I understand will remove the form fields). In my description above I am pointing out the following:

  1. Form fields that are disabled server side cannot be enabled client side
  2. Programmatically applying security causes JavaScript to fail

Given the business requirements stated earlier, I am looking for a recommended approach in order to proceed.

Hi Bill,


Thanks for the explanation.

As we already have logged an issue in our issue tracking system and is pending for review and unless we have completed our investigation, we may not be able to share any possible solution regarding its resolution. However as soon as we have some definite updates, we will let you know.