Show HN: Tetris in a PDF

Original Article ↗ Hacker News Discussion ↗

Overall reaction

  • Many commenters find the project hilarious, impressive, and very “HN-core,” some calling it “evil genius” and a top-tier hacker project.
  • Others are uneasy, saying it’s “awesome and terrifying” because it demonstrates how much code PDFs can run.

PDF JavaScript & capabilities

  • Several note that JavaScript in PDFs has been supported for decades and is now part of the standard.
  • JS is commonly used for interactive forms, validation, computed fields, and things like dynamically updating QR codes in government forms.
  • Discussion highlights that PDF JS APIs are limited and idiosyncratic (e.g., setInterval with string eval, field background color changes, moving form-field bounding boxes).
  • Some explore other tricks: using checkboxes or text fields as “pixels,” custom fonts for graphics, and even WASM in some engines (though Chrome’s PDFium intentionally disables JIT and WASM).

Compatibility and viewer behavior

  • Works in Chrome, Firefox, Edge, and Chromium-based viewers using PDFium; multiple people confirm playability.
  • Does not work in Safari / macOS Preview / Quick Look, many mobile viewers, Evince, and some pdf.js builds.
  • Several are explicitly relieved that Preview, Safari, or Evince don’t run JS.
  • Firefox users discuss disabling scripting via pdfjs.enableScripting; some forks have it off by default.

Security concerns

  • Commenters repeatedly stress that PDFs remain a major attack surface; JS and complex parsing have enabled serious exploits, including high-profile spyware and zero-click attacks.
  • Some argue PDFs “should not execute code” and recommend:
    • Using viewers that disable JS or only accept archival/printing-focused subsets (PDF/A, PDF/X).
    • Sandboxing PDF rendering instead of relying on user discipline.
  • Others counter that modern browsers sandbox PDF JS heavily and often require user interaction, reducing but not eliminating risk.

Related hacks and extensions

  • People share related experiments: calculators, Game of Life, Snake and Flappy Bird in PDFs, Atari Breakout, and even Doom-in-PDF attempts.
  • There’s speculative discussion about running DOS, C compilers, or even AI/LLMs inside PDFs or fonts, citing Turing-completeness and prior font-based LLM demos.