pdp (architect) wrote:
I agree. I was thinking about a solution to the fragment problem, which is the topic of the thread (and a much more widespread situation than PDF upload).

Amit, this is a very interesting solution and it will probably work in most cases. However, if the attacker is able to upload PDF documents, he/she can craft one that will produce the desired result as soon as it gets opened by the user. This can be achieved by setting the PDF file to redirect.
-Amit