<script>alert()</script>, and when I tried to open the PDF, the script magically got executed in the browser. I reported this issue to the webmaster; they fixed it but did not tell me what had happened. What I have also found is that the above text must be in a certain font for it to be executed (unfortunately I forgot what font it was).
Today, I was copying a piece of text from a PDF that was saved off a web page and pasted the text into a Word document, and I found that what displayed in the PDF as “certified” became “certiÕed”. Again, it only happens with a certain font; the font in that PDF is “Open Sans”, a weird font that my PDF editor does not have, but can still display.
I have very limited knowledge of PDF, fonts and encoding. I wonder if someone knowledgeable can explain the underlying reasons for my first and second observations. The first one is definitely an XSS breach, but does the second bear any security risk?