From a33c1663d416881e127e663b4eeca094d6b5ad54 Mon Sep 17 00:00:00 2001
From: Wojciech Duda <69160975+wojd0@users.noreply.github.com>
Date: Thu, 6 Jun 2024 14:26:12 +0200
Subject: [PATCH] AAE-22443 disable insecure eval support for pdf viewer
 (#9780)

---
 .../viewer/components/pdf-viewer/pdf-viewer.component.ts    | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/core/src/lib/viewer/components/pdf-viewer/pdf-viewer.component.ts b/lib/core/src/lib/viewer/components/pdf-viewer/pdf-viewer.component.ts
index 4a97175170..1014f9ad19 100644
--- a/lib/core/src/lib/viewer/components/pdf-viewer/pdf-viewer.component.ts
+++ b/lib/core/src/lib/viewer/components/pdf-viewer/pdf-viewer.component.ts
@@ -181,7 +181,8 @@ export class PdfViewerComponent implements OnChanges, OnDestroy {
                 const pdfOptions = {
                     ...this.pdfjsDefaultOptions,
                     data: reader.result,
-                    withCredentials: this.appConfigService.get<boolean>('auth.withCredentials', undefined)
+                    withCredentials: this.appConfigService.get<boolean>('auth.withCredentials', undefined),
+                    isEvalSupported: false
                 };
                 this.executePdf(pdfOptions);
             };
@@ -193,7 +194,8 @@ export class PdfViewerComponent implements OnChanges, OnDestroy {
             const pdfOptions: any = {
                 ...this.pdfjsDefaultOptions,
                 url: urlFile.currentValue,
-                withCredentials: this.appConfigService.get<boolean>('auth.withCredentials', undefined)
+                withCredentials: this.appConfigService.get<boolean>('auth.withCredentials', undefined),
+                isEvalSupported: false
             };
             if (this.cacheType) {
                 pdfOptions.httpHeaders = {