PDF fonts, encodings, and risk potentials interacting with web browser

I once encountered a very interesting type of XSS on a website purely by accident. This website allows users to upload PDFs, and will open the PDF in browser with some builtin Javascript. What happened was I uploaded a paper of mine that contains a text <script>alert()</script>, and when I tried to open the PDF, the script magically got executed in the browser. I reported this issues to the webmaster, they fixed it but did not tell me what have happened. What I have also found is that this above text must be in a certain font so it will be executed (unfortunately I forgot what font it was).

Today, I was copying a piece of text from a PDF that was saved off a web page, and paste the text to a word document, and I found what displayed in the PDF as “certified” became “certiÕed”. Again, it only happens to a certain font, the font in that PDF is “open sans”, a wired font that my PDF editor does not have, but can still display.

I have very limited knowledge about PDF and fonts and encoding, I wonder if someone knowledgeable can explain what are the underlying reasons of my first and second observation. The first one is definitely a XSS breach, but does the second may bear any security risk?

How to change FB profile used when interacting with another page?

I used to be able to choose between posting as myself or as Oxjam Beeston Music Festival (volunteer organised music festival raising money for charity) for which I am an admin when posting to a public page of another organisation ie pages where you don’t have to join the group or whatever. In the posting box there would be a drop down arrow where I could choose between the two profiles. This seems to have disappeared. Any help gratefully received! Thanks

Xcode 11: How to enable/fix live Interacting preview option of Xcode (for attached live preview on apple device)? [migrated]

I am trying to get Interaction of my swiftUI interface live on my attached iPad Pro(Running iOS 13) but its not working. It can be seen in screenshot that it is (gray scaled) disabled (in WWDC it was blue). Is this a bug or I am missing any step. 1[ screenshot 1] screenshot 2

Interacting with other business networks: hyperledger composer

I have created 2 business network archives and deployed them successfully. 1) license-transfer-network.bna 2) birth-certificate.bna

The license-transfer-network.bna has an admin card : licenseDept@license-transfer-network

The connection to the network was successfully tested: license-transfer-network Business network version: 0.0.2-deploy.110 Composer runtime version: 0.20.0 participant: org.hyperledger.composer.system.NetworkAdmin#licenseDept identity: org.hyperledger.composer.system.Identity#32e31e2e8d647b1f7d0c9a1c6244c71425e335e8fd9e2497177db10c6822cdfc

and the birth-certificate.bna has an admin card : birthDept@birth-certificate

The connection to the network was successfully tested: birth-certificate Business network version: 0.0.2-deploy.10 Composer runtime version: 0.20.0 participant: org.hyperledger.composer.system.NetworkAdmin#birthDept identity: org.hyperledger.composer.system.Identity#9a8e85e00a78b60da7bc0d6b43a360d1afbda8b45c38af057a39fe785b37c3d5

I’ve followed the tutorial from here : https://hyperledger.github.io/composer/latest/tutorials/invoke-composer-network to interact between the two .bna files. My main doubt is in : Step Five: Bind the identity on network A to the participant on network B 3rd point:see third point

Whose ID do I add in this line : resource:org.hyperledger.composer.system.NetworkAdmin#admin is it licenseDept or birthDept