Information
Security restrictions in Adobe Reader and Acrobat 9 restrict you from opening local files (Excel, Word, and so on) from within a PDF using Javascript (launchURL). This action poses a security risk for the PDF file, and could allow dangerous files to be opened, and a script to be executed.
In previous versions of Acrobat or Reader (before 9.0), you can point the HTTP Submit button to a file:// URL on a network/local file system. The local file was “downloaded” using the browser’s plug-in. This behavior is not the intention of the HTTP Submit button. So, it’s been locked down in Acrobat and Reader 9 and later.
The HTTP submit button is used to send the form’s data to a server once the form has been filled. The resulting PDF can then be displayed to the user.
To reference or open local files from a PDF, run the PDF file in a privileged context (in the Javascript console or in a batch process). Or, certify the PDF file. If you are running Acrobat or Reader in a browser context, you could put the local file on a web server and use the HTTP URL.
You can find more information to this security restriction under “app” and then the “methods” tab, and then under the launchURL method:
http://livedocs.adobe.com/acrobat_sdk/9.1/Acrobat9_1_HTMLHelp/JS_API_AcroJS.88.150.html
Extract from the JavaScript Documentation:
Note: Beginning with Acrobat 8.1, file and JavaScript URLs can be executed only when operating in a privileged context, such as during a batch event. File and JavaScript URLs begin with the scheme names javascript or file.
reference: (181917275)