Hello Pascal,

It is just simple text, which is displayed and not interpreted or executed.
I would say, no risk there.

The only risk would be if the font rendering application had some 
security bug. But this shouldn't be your concern.

Best
Waldemar


> On 19. 10 2021, at 14:10, Knüppel, Pascal <pascal.knuep...@governikus.de> 
> wrote:
> 
> Hi,
>  
> we are using Apache PDFBox to simply add a new page with some text to an 
> already existing PDF file. Now we have a new requirement that wants us to 
> insert free text chosen by the customer into the file. This actually makes 
> me kind of nervous because I am not sure if it is possible to inject 
> malicious code into the PDF file using the following code block:
> 
> contentStream.beginText();
> contentStream.setFont(font, fontSize);
> contentStream.newLineAtOffset(marginLeft, texty);
> contentStream.showText(text);
> contentStream.endText();
>  
> Can anyone help me here?
> My guess would be that it is not possible because PDFBox is probably 
> inserting the text – whatever it may contain – as simple text into the 
> PDF file. But I am not sure of it.
>  
> Best regards
> Pascal
>  

Waldemar Dick
signing & security
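
Added example (not part of the thread and not PDFBox project code): a round-trip check of the behaviour described in the reply. It writes text through the call sequence from the question, then re-reads the page's content stream as tokens. It assumes PDFBox 2.0.x on the classpath; the class name, coordinates and sample input are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.pdfbox.contentstream.operator.Operator;
import org.apache.pdfbox.cos.COSString;
import org.apache.pdfbox.pdfparser.PDFStreamParser;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.PDPage;
import org.apache.pdfbox.pdmodel.PDPageContentStream;
import org.apache.pdfbox.pdmodel.font.PDType1Font;

// Added example. Assumption: PDFBox 2.0.x (PDFStreamParser.getTokens()).
public class ShowTextTokenCheck {
    // Constructed input: free text that tries to close the string operand
    // early and continue with content-stream operators of its own.
    static final String UNTRUSTED = "Hello) Tj ET BT (second";

    public static void main(String[] args) throws Exception {
        try (PDDocument doc = new PDDocument()) {
            PDPage page = new PDPage();
            doc.addPage(page);
            // Same call sequence as in the question.
            try (PDPageContentStream contentStream = new PDPageContentStream(doc, page)) {
                contentStream.beginText();
                contentStream.setFont(PDType1Font.HELVETICA, 12);
                contentStream.newLineAtOffset(50, 700);
                contentStream.showText(UNTRUSTED);
                contentStream.endText();
            }
            // Re-read the page content as tokens: operators vs. string operands.
            PDFStreamParser parser = new PDFStreamParser(page);
            parser.parse();
            List<String> operators = new ArrayList<>();
            List<String> strings = new ArrayList<>();
            for (Object token : parser.getTokens()) {
                if (token instanceof Operator) {
                    operators.add(((Operator) token).getName());
                } else if (token instanceof COSString) {
                    strings.add(((COSString) token).getString());
                }
            }
            System.out.println("operators: " + operators + ", strings: " + strings);
            // The whole input must come back as one string operand of one Tj.
            boolean ok = operators.equals(Arrays.asList("BT", "Tf", "Td", "Tj", "ET"))
                    && strings.equals(Arrays.asList(UNTRUSTED));
            if (!ok) throw new IllegalStateException("text did not stay a single operand");
        }
    }
}
```

The check covers the content stream only. Characters the chosen font cannot encode, such as a line feed with a Standard 14 font, make showText throw IllegalArgumentException, so customer text still needs that handled before the call.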
