Comment by weinzierl
7 days ago
My point is that nothing runs without at least one initial user interaction - which makes a big difference for security.
I believe this is even true for Acrobat with default settings, because while you can trigger JavaScript when a document is opened (/OpenAction) Acrobat will ask for permission.
I think I got your point but might have expressed myself badly. The pdf can run js and messes with the display right at opening time, without any warning or ask for permission.
Exactly, thanks for the clarification.