From 79834874306a18785210a364ae3ba089611b79db Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Mon, 13 May 2024 08:44:35 -0700
Subject: [PATCH] Security: Correctly disable eval in pdfjs (#6702)

---
 .../app/components/common/pdf-viewer/pdf-viewer.component.ts    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts b/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
index 4fc55429a..0c84521c6 100644
--- a/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
+++ b/src-ui/src/app/components/common/pdf-viewer/pdf-viewer.component.ts
@@ -35,7 +35,6 @@ import type {
 import { PDFSinglePageViewer } from 'pdfjs-dist/web/pdf_viewer'
 
 PDFJS['verbosity'] = PDFJS.VerbosityLevel.ERRORS
-PDFJS['isEvalSupported'] = false
 
 export enum RenderTextMode {
   DISABLED,
@@ -440,6 +439,7 @@ export class PdfViewerComponent
       cMapPacked: true,
       enableXfa: true,
     }
+    params.isEvalSupported = false
 
     if (srcType === 'string') {
       params.url = this.src