The plug-in has two categories of security settings: (1) settings that limit which servers can generate hit highlighting information based on the location of the PDF file, and (2) a verification protocol to ensure that the highlighting server is able to generate hit highlighting data.
These are intended to guard against use of the plug-in to exploit security vulnerabilities in web sites that do not sufficiently guard against cross-site scripting and cross-site request forgery attacks.
The default settings only allow a site to hit-highlight its own PDF files. In cases where a site hit-highlights content located on other web sites, the Security Options dialog box allows the user to enter the web site as a "trusted" site that is allowed to do this.
To prevent use of the plug-in to send forged requests to web sites, the plug-in will send a standard validation request to make sure the target URL is really a PDF search highlighter. The validation request replaces the query in the original URL with "IsPdfHighlighter", and expects a response that contains "YesPdfHighlighter".
For example, suppose a user clicks this link:
https://www.example.com/harmless.pdf#xml=https://www.example.com/shopping.asp?buy=Product&ShipTo=Attacker
Adobe Reader will open the PDF file, and the dtSearch plug-in will see the #xml= in the URL. To verify the target URL, before requesting the highlighting data, the dtSearch plug-in will first send this request:
https://www.example.com/shopping.asp?IsPdfHighlighter
A shopping script that is not aware of the PDF search highlighting protocol will not respond with the specific "YesPdfHighlighter" code. If the server does not respond with this text, the dtSearch plug-in will decide the server does not support PDF highlighting and the request will not be sent.
To preserve backward compatibility with servers that have not been updated, users will have the option to disable this verification.
