I once discovered and reported a vulnerability in Nextcloud's web client that was due to them including an outdated version of a JavaScript-based PDF viewer. I always wondered why they couldn't just use the browser's PDF viewer. I made $100, which was a large amount to me as a 16 year old at the time.

Here is a blog post I wrote at the time about the vulnerability (CVE-2020-8155): https://tripplyons.com/blog/nextcloud-bug-bounty

▲

rahkiin 3 days ago | parent [-]

I recently needed to show a pdf file inside a div in my app. All i wanted was to show it and make it scrollable. The file comes from a fetch() with authorzation headers.

I could not find a way to do this without pdf.js.

▲

moi2388 3 days ago | parent | next [-]

The html object tag can just show a pdf file by default. Just fetch it and pass the source there.

What is the problem with that exactly in your case?

	▲	jrochkind1 3 days ago \| parent [-]
		I think it can't do that on iOS? Don't know if that is the relevant thing in the choice being discussed though. Not sure about Android.

▲

rahkiin 3 days ago | parent | prev | next [-]

This made me try it once more and I got something to work with some Blobs, resource URLs, sanitazion and iframes.

So I guess it is possible

▲

tripplyons 3 days ago | parent [-]

Yeah, blobs seem like the right way to do it.

	▲	rahkiin 3 days ago \| parent [-]
		There does not seem to be a way to configure anything though. It looks quite bad with the default zoom level and the toolbar…

▲

silverwind 3 days ago | parent | prev [-]

https://www.npmjs.com/package/pdfobject works well as a wrapper around the <object> tag. No mobile support though.