Acrobat/Reader 9: HTTP submit button does not open local files

Information

Security restrictions in Adobe Reader and Acrobat 9 restrict you from opening local files (Excel, Word, and so on) from within a PDF using Javascript (launchURL).  This action poses a security risk for the PDF file, and could allow dangerous files to be opened, and a script to be executed.

In previous versions of Acrobat or Reader (before 9.0), you can point the HTTP Submit button to a file:// URL on a network/local file system. The local file was “downloaded” using the browser’s plug-in. This behavior is not the intention of the HTTP Submit button. So, it’s been locked down in Acrobat and Reader 9 and later.

The HTTP submit button is used to send the form’s data to a server once the form has been filled. The resulting PDF can then be displayed to the user.

To reference or open local files from a PDF, run the PDF file in a privileged context (in the Javascript console or in a batch process). Or, certify the PDF file.  If you are running Acrobat or Reader in a browser context, you could put the local file on a web server and use the HTTP URL.

You can find more information to this security restriction under “app” and then the “methods” tab, and then under the launchURL method:

http://livedocs.adobe.com/acrobat_sdk/9.1/Acrobat9_1_HTMLHelp/JS_API_AcroJS.88.150.html

Extract from the JavaScript Documentation:

Note: Beginning with Acrobat 8.1, file and JavaScript URLs can be executed only when operating in a privileged context, such as during a batch event. File and JavaScript URLs begin with the scheme names javascript or file.

reference: (181917275)

VN:F [1.9.22_1171]
Was this helpful? Please rate the content.
Rating: 7.0/10 (3 votes cast)
Acrobat/Reader 9: HTTP submit button does not open local files, 7.0 out of 10 based on 3 ratings

3 Responses to Acrobat/Reader 9: HTTP submit button does not open local files

  1. Luke says:

    Do you know why launchURL() behavior is somewhat random with Reader X and IE? We had no problems with 9, but since moving to X, sometimes it works and sometimes it doesn’t. Same PDF, same browser, etc.

    Details here:

    http://forums.adobe.com/message/4640371#4640371

    This certainly seems like a bug.

    • dmcmahon says:

      The new protected mode in Reader X has changed the entire security concept in Adobe Reader and how it interacts with everything outside of the PDF, including external links. There have also been many bug fixes in all versions from 10.0 to 10.1.4, including fixes for launchURL().

      I would suggest you report this as a new bug with the details from your forum post, and perhaps a sample PDF file showing the behaviour. You should report this through your enterprise support channel, as it seems you are running Reader in an orgnisation, or using the following form:
      https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform

      • Luke says:

        Thanks David, I’ll give that a shot.

        For what it’s worth, I just tried updating to 10.1.4 (10.1.4.38 specifically) and the problem seems to still exist.