Skip to content

Allow configurable Producer field to address security concerns #3893

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 21 commits into
base: master
Choose a base branch
from
Open

Allow configurable Producer field to address security concerns #3893

wants to merge 21 commits into from

Conversation

1234-ad
Copy link

@1234-ad 1234-ad commented Oct 1, 2025

Fix for Issue #3878: Allow setting of Producer

This PR addresses the security concern raised in issue #3878 by making the PDF Producer field configurable instead of hardcoded.

Problem

Currently, jsPDF automatically adds Producer metadata with the jsPDF version number, which can be seen as an "Information disclosure vulnerability" as mentioned in the issue.

Solution

This PR implements a configurable producer field that allows users to:

  • Set a custom producer value
  • Remove producer information entirely (for security)
  • Maintain backward compatibility (defaults to current behavior)

Changes Made

  1. Added producer to documentProperties: The producer is now a configurable property
  2. Modified putInfo function: Uses configurable producer value if set, otherwise falls back to default
  3. Backward compatibility: If no custom producer is set, behavior remains unchanged

Usage Examples

// Set custom producer
var doc = new jsPDF();
doc.setDocumentProperty('producer', 'My Custom Producer');

// Remove producer info for security
doc.setDocumentProperty('producer', '');

// Use setDocumentProperties
doc.setDocumentProperties({
  producer: 'Custom PDF Generator v1.0'
});

Files Changed

  • Added producer property to documentProperties object
  • Modified putInfo function to use configurable producer
  • Added test examples and documentation

Security Benefits

  • Allows users to remove or customize jsPDF version information
  • Addresses information disclosure vulnerability concerns
  • Maintains full backward compatibility

Fixes #3878

HackbrettXXX
HackbrettXXX requested changes Oct 7, 2025
View reviewed changes
Copy link
Collaborator

@HackbrettXXX HackbrettXXX left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this PR. Please remove the obsolete files and correctly integrate the code into the repo and the tests into our test structure.

1234-ad added 16 commits October 7, 2025 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HackbrettXXX HackbrettXXX HackbrettXXX requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Request: Allow setting of Producer
2 participants
@1234-ad @HackbrettXXX