Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/grapheneos/pdfviewer

Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files. CSP is used to enforce that the JavaScript and styling properties within the WebView are entirely static.
https://github.com/grapheneos/pdfviewer

android grapheneos pdf pdf-viewer pdfjs security

Last synced: 6 days ago
JSON representation

Host: GitHub
URL: https://github.com/grapheneos/pdfviewer
Owner: GrapheneOS
License: mit
Created: 2017-01-16T21:20:40.000Z (about 8 years ago)
Default Branch: main
Last Pushed: 2025-02-05T05:03:46.000Z (16 days ago)
Last Synced: 2025-02-08T10:01:55.180Z (13 days ago)
Topics: android, grapheneos, pdf, pdf-viewer, pdfjs, security
Language: Java
Homepage: https://grapheneos.org/
Size: 3.27 MB
Stars: 678
Watchers: 26
Forks: 103
Open Issues: 43
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Simple Android PDF viewer based on pdf.js and content providers. The app

doesn't require any permissions. The PDF stream is fed into the sandboxed

WebView without giving it access to content or files. Content-Security-Policy

is used to enforce that the JavaScript and styling properties within the

WebView are entirely static content from the apk assets. It reuses the hardened

Chromium rendering stack while only exposing a tiny subset of the attack

surface compared to actual web content. The PDF rendering code itself is memory

safe with dynamic code evaluation disabled, and even if an attacker did gain

code execution by exploiting the underlying web rendering engine, they're

within the Chromium renderer sandbox with no access to the network (unlike a

browser), files, or other content.