From 076b5b1af5dbd60a8cec3cae6c90dad6219354b7 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Tue, 7 May 2024 09:45:19 -0700
Subject: [PATCH] Security: Disable eval in pdfjs (#6615)

Closes https://github.com/paperless-ngx/paperless-ngx/security/dependabot/181 see https://github.com/advisories/GHSA-wgrm-67xf-hhpq
---
 .../src/app/components/common/pdf-viewer/pdf-viewer.component.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts b/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
index 274b06032..4fc55429a 100644
--- a/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
+++ b/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
@@ -35,6 +35,7 @@ import type {
 import { PDFSinglePageViewer } from 'pdfjs-dist/web/pdf_viewer'
 
 PDFJS['verbosity'] = PDFJS.VerbosityLevel.ERRORS
+PDFJS['isEvalSupported'] = false
 
 export enum RenderTextMode {
   DISABLED,