For better or worse, the years I spent working on Preview for Apple (and PDFKit) I felt bad that our (Apple's) PDF implementation was far short of Adobe's.
Radars would show up with PDFs attached, "Preview Does Not Display 3D Image in PDF Like Acrobat" or similar. And I would feel so ... inadequate.
PDFKit could render and capture basic annotations ... and that was about it. We could show you forms, allow editing, but if the PDF had Javascript that would add two fields and put the sum in a third field I had to shrug and say, "Oh well." The effort of hoisting a JavaScript interpreter/runtime was beyond my skillset anyway.
But then I kind of came to see our subset of PDF support as a kind of feature. It's true, we left out the kitchen sink. Adobe was/is clearly interested in putting everything into PDF.
And I mean, as pointed out here, at least you could open a PDF in Preview and not worry about any Javascript executing. ;-)
If it makes you feel any better, Preview is by far the best PDF viewer and editor (I use it for signatures and adding text) I've ever used. I like that the PDF previews in Finder are instant and accurate. I like that it shows as much PDF and as little UI/menubar as possible. I like that it never asks me to upgrade or log in. The search tools work well. I can stitch PDFs together (if I google how to, always forget) and pull certain pages out as their own files.
For all of the PDFs I've ever encountered, Preview has been sufficient and capable. Thank you for your hard work!
I thought Acrobat had ugly UI — stacks and stacks of toolbars for example (this, BTW, about a decade ago — I haven't launched Reader in some time so can't speak to the current UI).
I met one of the engineers from Adobe and said as much — as politely as I could. He said, yeah, we're modeling our UI on Office.
I saw in an instant that they wanted to be seen as a peer, a co-tool, to the Microsoft suite and it all made sense to me.
Thank you, thank you, THANK YOU for not having put all that cruft in, and by Apple's sheer size, effectively discouraging many from producing and circulating those abominations.
Adobe has an awful track record of security (how many exploits in the past 25 years were in Acrobat (not the PDF spec, the actual Acrobat software) and in Flash?) but PDF is an amazing gift to the world, and, thanks to people like you, effectively safer than how Adobe designed it :))
Unfortunately I have the full Acrobat on my work computer, mandated by my employer, sigh, but that's another story.
When I ordered an official PDF copy of my college diploma, the order form had an option to enable "tracking" in the PDF file. Sure enough, when the recipient opened the PDF file (and when I tried it myself on a different machine), I got a notification from the company that generated the PDF...
PDFs are roughly on par with web pages feature-wise, including JavaScript or other actions that execute on load. Adobe did this, of course, to stave off the competition from the early web. Nowadays, PDF readers disable most of that by default (if they even support it).
No, they are not executable by the OS (generally).
Formats are on a gradient between "completely code" and "completely data" and PDFs are quite close to the "completely code" extreme'; I guess this is what the parent meant.
I would expect so simply because browsers are fairly hardened pieces of software. Adobe Acrobat is decently hardened but it seems to be far behind browsers.
It is worth noting that Chromium and later Firefox both added PDF viewers that live inside the browser sandbox. They are essentially web-apps that render the PDF. When I worked at Google they strongly recommended using Chrome for opening PDF files because they felt much more comfortable about its security and sandboxing than other PDF readers.
On another perspective is that you are likely browsing the internet anyways. In fact you likely got the PDF by visiting a website. So you have already exposed a huge attack surface (your browser) to a possible hostile adversary. It is better to expose them to the same attack surface again (plus whatever security the PDF reader itself provides) than to give them a fresh new attack surface.
Radars would show up with PDFs attached, "Preview Does Not Display 3D Image in PDF Like Acrobat" or similar. And I would feel so ... inadequate.
PDFKit could render and capture basic annotations ... and that was about it. We could show you forms, allow editing, but if the PDF had Javascript that would add two fields and put the sum in a third field I had to shrug and say, "Oh well." The effort of hoisting a JavaScript interpreter/runtime was beyond my skillset anyway.
But then I kind of came to see our subset of PDF support as a kind of feature. It's true, we left out the kitchen sink. Adobe was/is clearly interested in putting everything into PDF.
And I mean, as pointed out here, at least you could open a PDF in Preview and not worry about any Javascript executing. ;-)