Y’know, all those horrible government forms?
No, I mean the digital ones, meant to be opened specifically with Adobe Reader?
Well, in Q4 2021, Mozilla’s PDF.js landed support for XFA PDF forms, so Firefox is now able to deal with them, which is huge deal, as we have been increasingly encountering such documents over the years, and still will be for a long time, especially given how slow-moving governments can be when it comes to their digital practices.
It would be fantastic to see these code insights put to use in Poppler, the library that Evince, Okular and other applications use… so if someone feels like fixing one of the few biggest issues with reading/filling PDFs under Linux, please use this code (see also: all the XFA-related pull requests) as inspiration to contribute a fix to this and that issue in Poppler!
Of course, there are remaining issues related to forms in PDF.js, but it’s still better than nothing; and perhaps your efforts in replicating this functionality into Poppler can lead to interesting cross-project findings that can also benefit the PDF.js project?
Comments
3 responses to “Please adapt Mozilla’s code so that PDF readers on Linux can handle XFA forms!”
Honestly I do not recommend using dedicated PDF readers unless you are sure it is sandboxed without major sandbox holes (e.g. evince running under flatpak uses –filesystem=host and so is not sandboxed at all). Certainly poppler is dangerous. PDF.js via Firefox or Epiphany is the safest way to view PDFs on Linux. And it has just been integrated into WebKit, so it will be available in other WebKitGTK-based browsers soon, and probably also Safari before too long.
A better standalone PDF viewer should probably just use WebKit and PDF.js, or else at least take care to sandbox poppler very carefully.
Well it took us so long to actually get any annotations features in Evince, I wouldn’t want to lose that. I’m not aware of PDF.js having annotation features beyond form filling?
You raise an interesting idea, but how would a PDF.js-based desktop PDF reader be any more secure than Evince if you have to be able to open PDFs from anywhere in your home directory, not just from web pages? If you were to have a PDF.js-based app running as a native distro package instead of a Flatpak, why would it be fundamentally more secure than, say, Evince+Poppler in a Flatpak with permissions set to the XDG Documents and Downloads directory, or even home directory?
I think this is not a good idea to put this in Poppler. Instead we can build an alternative with GJS and a virtual dom (the dom doesn’t have to do everything, just what PDF.js needs and you could take a look at happydom or jsdom for example) and write a GUI with Gtk4 for it. With this we don’t need WebKit.
I would be interested in this project if others would join. Feel free to contact me at pascal@artandcode.studio or here in the comments.