6

I am wondering about the scripting and such capabilities within epub and mobi files. I see that there are free programs to open them such as Calibre or in a web browser. Is it similar to a pdf, where it is mainly dependent on the program and system opening the file? Is it safer to use a program like Calibre rather than a browser? Besides intended scripting abilities, would errors in programs like Calibre allow for code execution (within reason, I realize this is probably a potential problem for any program or file)?

I realize you can never really be 100% sure, but I feel safe opening pdfs in Preview because supposedly the scripting capabilities are not there. Is there a similar line to follow with epubs or mobi or are they completely innocuous?

fightermagethief
  • 853
  • 4
  • 12
  • 26
  • 1
    if anyone is curious about this issue here is an interesting article that covers a wide spectrum of the topic of ebook-file infection (the article gets into detail a few paragraphs down):http://www.baldurbjarnason.com/notes/epub-javascript-security/ – fightermagethief Sep 20 '13 at 16:46
  • 1
    I am finding that, generally speaking, ebook files can contain javascript and are unsafe. Many, if not all, e-book reading programs and methods of opening are more unsafe than PDF files. There do not seem to be more mature ways of dealing with e-books (such as Preview for PDFs) and they are difficult to sandbox properly in a browser. Seems like a much more likely scenario of infection than even PDFs. – fightermagethief Sep 20 '13 at 17:35

0 Answers0