Advanced Features
Scope: Core API (@scaryterry/pdfium).
Use this guide when you need signature metadata inspection or JavaScript action visibility in PDF workflows.
Digital Signatures
Section titled “Digital Signatures”@scaryterry/pdfium allows you to inspect digital signatures within a PDF document. While full signature verification (cryptographic validation) is outside the scope of PDFium itself, you can access signature metadata to display status information or pass data to a verification library.
Inspecting Signatures
Section titled “Inspecting Signatures”if (document.hasSignatures()) { console.log(`Found ${document.signatureCount} signatures`);
for (const sig of document.signatures()) { console.log(`Signature #${sig.index}`); console.log(`Reason: ${sig.reason}`); console.log(`Time: ${sig.time}`); console.log(`SubFilter: ${sig.subFilter}`); // e.g., 'adbe.pkcs7.detached'
// Access raw signature content (DER encoded) if (sig.contents) { console.log(`Signature data length: ${sig.contents.length} bytes`); }
// Access byte range covered by the signature if (sig.byteRange) { console.log(`Byte Range: ${sig.byteRange.join(', ')}`); } }}JavaScript Support
Section titled “JavaScript Support”PDF documents can contain JavaScript actions that execute in response to events (e.g., opening the document, clicking a button). PDFium provides hooks to execute these actions or extract the scripts.
Executing Document Scripts
Section titled “Executing Document Scripts”To ensure a PDF behaves as intended (e.g., calculating form values automatically), you should trigger standard document events.
// Execute "Will Save" actions before savingimport { DocumentActionType } from '@scaryterry/pdfium';
document.executeDocumentAction(DocumentActionType.WillSave);
// Execute document-level JavaScript (e.g., Open Action)document.executeDocumentOpenAction();Inspecting JavaScript Actions
Section titled “Inspecting JavaScript Actions”You can extract all JavaScript embedded in the document for analysis or sanitization.
const jsActions = document.getJavaScriptActions();
for (const action of jsActions) { console.log(`Action Name: ${action.name}`); console.log(`Script Code:`); console.log(action.script);}This is particularly useful for security scanning to detect malicious scripts embedded in PDFs.
Annotation-Level JavaScript
Section titled “Annotation-Level JavaScript”Form field widgets can have JavaScript attached to specific events (e.g., formatting, validation). Use getFormAdditionalActionJavaScript() to read these scripts:
import { FormFieldActionEvent, AnnotationType } from '@scaryterry/pdfium';
using page = document.getPage(0);
for (const annot of page.getAnnotations()) { if (annot.type !== AnnotationType.Widget) continue;
const formatJs = annot.getFormAdditionalActionJavaScript(FormFieldActionEvent.Format); if (formatJs) { console.log(`Field "${annot.getFormFieldName()}" has Format JS: ${formatJs}`); }
const validateJs = annot.getFormAdditionalActionJavaScript(FormFieldActionEvent.Validate); if (validateJs) { console.log(`Field "${annot.getFormFieldName()}" has Validate JS: ${validateJs}`); }}The FormFieldActionEvent enum includes:
| Event | Description |
|---|---|
KeyStroke | Triggered on each keystroke in a text field |
Format | Triggered to format the field value for display |
Validate | Triggered to validate the field value |
Calculate | Triggered to recalculate dependent field values |