UI5
diff --git a/‎src/sap.m/src/sap/m/PDFViewer.js‎
Lines changed: 67 additions & 40 deletions b/‎src/sap.m/src/sap/m/PDFViewer.js‎
Lines changed: 67 additions & 40 deletions
@@ -14,7 +14,7 @@ sap.ui.define([
 	"sap/ui/thirdparty/jquery",
 	"./PDFViewerRenderer"
 ],
-	function(
+	function (
 		library,
 		Control,
 		Device,
@@ -61,47 +61,55 @@ sap.ui.define([
 						 * Defines the height of the PDF viewer control, respective to the height of
 						 * the parent container. Can be set to a percent, pixel, or em value.
 						 */
-						height: {type: "sap.ui.core.CSSSize", group: "Dimension", defaultValue: "100%"},
+						height: { type: "sap.ui.core.CSSSize", group: "Dimension", defaultValue: "100%" },
 						/**
 						 * Defines the width of the PDF viewer control, respective to the width of the
 						 * parent container. Can be set to a percent, pixel, or em value.
 						 */
-						width: {type: "sap.ui.core.CSSSize", group: "Dimension", defaultValue: "100%"},
+						width: { type: "sap.ui.core.CSSSize", group: "Dimension", defaultValue: "100%" },
 						/**
 						 * Specifies the path to the PDF file to display. Can be set to a relative or
 						 * an absolute path.<br>
 						 * Optionally, this property can also be set to a data URI path or a blob URL
 						 * in all major web browsers except Internet Explorer and Microsoft Edge, provided
 						 * that this data URI or blob URL is allowed in advance. For more information about
 						 * URL filtering, see {@link topic:91f3768f6f4d1014b6dd926db0e91070 URLList Validator Filtering}.
+						 *
+						 * <h3>Source Validation</h3>
+						 * When the source is set, the PDFViewer automatically validates the resource using a GET request
+						 * to ensure it exists and is accessible. This validation:
+						 * <ul>
+						 * <li>Prevents loading invalid or non-existent PDF files</li>
+						 * <li>If validation fails, error content is displayed instead of attempting PDF load</li>
+						 * </ul>
 						 */
-						source: {type: "sap.ui.core.URI", group: "Misc", defaultValue: null},
+						source: { type: "sap.ui.core.URI", group: "Misc", defaultValue: null },
 						/**
 						 * A custom error message that is displayed when the PDF file cannot be loaded.
 						 * @deprecated As of version 1.50.0, replaced by {@link sap.m.PDFViewer#getErrorPlaceholderMessage}.
 						 */
-						errorMessage: {type: "string", group: "Misc", defaultValue: null, deprecated: true},
+						errorMessage: { type: "string", group: "Misc", defaultValue: null, deprecated: true },
 						/**
 						 * A custom text that is displayed instead of the PDF file content when the PDF
 						 * file cannot be loaded.
 						 */
-						errorPlaceholderMessage: {type: "string", group: "Misc", defaultValue: null},
+						errorPlaceholderMessage: { type: "string", group: "Misc", defaultValue: null },
 						/**
 						 * A custom title for the PDF viewer popup dialog. Works only if the PDF viewer
 						 * is set to open in a popup dialog.
 						 * @deprecated As of version 1.50.0, replaced by {@link sap.m.PDFViewer#getTitle}.
 						 */
-						popupHeaderTitle: {type: "string", group: "Misc", defaultValue: null, deprecated: true},
+						popupHeaderTitle: { type: "string", group: "Misc", defaultValue: null, deprecated: true },
 
 						/**
 						 * A custom title for the PDF viewer.
 						 */
-						title: {type: "string", group: "Misc", defaultValue: null},
+						title: { type: "string", group: "Misc", defaultValue: null },
 
 						/**
 						* Shows or hides the download button.
 						*/
-						showDownloadButton: {type: "boolean", group: "Misc", defaultValue: true},
+						showDownloadButton: { type: "boolean", group: "Misc", defaultValue: true },
 
 						/**
 						* Defines how the PDF viewer should be displayed.
@@ -123,25 +131,25 @@ sap.ui.define([
 						* </li>
 						* </ul>
 						*/
-						displayType: {type: "sap.m.PDFViewerDisplayType", group: "Misc", defaultValue: PDFViewerDisplayType.Auto},
+						displayType: { type: "sap.m.PDFViewerDisplayType", group: "Misc", defaultValue: PDFViewerDisplayType.Auto },
 						/**
 						 * Parameter to determine if the given PDF is from a trusted source. If the source is valid this property can be set to true.
 						 * If isTrustedSource is set to true, the PDFViewer opens with the displayType set to "Embedded" on desktop devices. This means that the PDF content is directly shown within the PDFViewer. Set this property to true only when the PDF is generated by the application or the PDF is scanned for viruses.
 						 * If isTrustedSource is set to false, the PDFViewer opens with the displayType set to "Link" on desktop devices. This means that any configuration that has been provided by the application for the property displayType is overridden. In this case, the user would need to download the PDF to view its content.
 						 */
-						isTrustedSource: {type: "boolean", group: "Misc", defaultValue: false}
+						isTrustedSource: { type: "boolean", group: "Misc", defaultValue: false }
 					},
 					aggregations: {
 						/**
 						 * A custom control that can be used instead of the error message specified by the
 						 * errorPlaceholderMessage property.
 						 */
-						errorPlaceholder: {type: "sap.ui.core.Control", multiple: false},
+						errorPlaceholder: { type: "sap.ui.core.Control", multiple: false },
 						/**
 						 * A multiple aggregation for buttons that can be added to the footer of the popup
 						 * dialog. Works only if the PDF viewer is set to open in a popup dialog.
 						 */
-						popupButtons: {type: "sap.m.Button", multiple: true, singularName: "popupButton"},
+						popupButtons: { type: "sap.m.Button", multiple: true, singularName: "popupButton" },
 						/**
 						 * A message page is displayed when the property isTrustedSource = false
 						 * @private
@@ -159,7 +167,7 @@ sap.ui.define([
 						 * This event is fired when there is an error loading the PDF file.
 						 */
 						error: {
-							parameters : {
+							parameters: {
 								/**
 								 * The iframe element.
 								 */
@@ -322,38 +330,42 @@ sap.ui.define([
 		 * @private
 		 * Handles the iframe load event for PDFViewer.
 		 * - Checks if PDF plugin is enabled, fires error if not.
-		 * - Tries to access children of the iframe document body.
-		 * - If children exist, checks for embed tag to validate PDF rendering.
-		 * - Fires loaded event if valid, error event otherwise.
+		 * - Validates the PDF source using a GET request to ensure accessibility.
+		 * - Fires loaded event if validation succeeds, error event otherwise.
 		 * - Catches and logs any unexpected errors, fires error event in such cases.
 		 */
-		 PDFViewer.prototype._onLoadListener = function (oEvent) {
+		PDFViewer.prototype._onLoadListener = function (oEvent) {
 			try {
 				// Check if PDF plugin is enabled
 				if (PDFViewerRenderer._isPdfPluginEnabled()) {
-					var bContinue = true;
-					var oTarget = jQuery(oEvent.target);
-					try {
-						// Try to access children of the iframe document body
-						var oContentWindow = oTarget[0] && oTarget[0].contentWindow;
-						var oDocumentBody = oContentWindow && oContentWindow.document && oContentWindow.document.body;
-						var aTargetChildren = oDocumentBody && oDocumentBody.children;
-					} catch (error) {
-						// If access fails, log warning and treat as no children
-						aTargetChildren = [];
-						Log.warning("Error in fetching children entity for given source of PDFViewer.");
-					}
-					// If children exist, check for embed tag
-					if (aTargetChildren && aTargetChildren.length) {
-						var oContentWindow = oTarget[0] && oTarget[0].contentWindow;
-						var oDocument = oContentWindow && oContentWindow.document;
-						var aEmbeds = oDocument && oDocument.embeds;
-						bContinue = !!aEmbeds && aEmbeds.length === 1;
-					}
-					// If valid PDF rendering, fire loaded event; else, fire error event
-					if (bContinue) {
-						this._fireLoadedEvent();
+					// Validate source using GET request when iframe loads
+					var sSource = this.getSource();
+					if (sSource) {
+						// Skip validation for data URIs and blob URLs as they may not work with fetch
+						// or would waste bandwidth by re-downloading embedded data
+						if (this._isDataUriOrBlob(sSource)) {
+							// For data URIs and blob URLs, assume valid and fire loaded event
+							this._fireLoadedEvent();
+						} else {
+							try {
+								// Source validation using GET request to check resource existence
+								// Simple and universally compatible approach without Range headers
+								window.fetch(sSource, { method: "GET" })
+									.then(function (response) {
+										if (response.ok) {
+											this._fireLoadedEvent();
+										} else {
+											this._fireErrorEvent(oEvent.target);
+										}
+									}.bind(this)).catch(function () {
+										this._fireErrorEvent(oEvent.target);
+									}.bind(this));
+							} catch (error) {
+								this._fireErrorEvent(oEvent.target);
+							}
+						}
 					} else {
+						// No valid source, fire error event
 						this._fireErrorEvent(oEvent.target);
 					}
 				} else {
@@ -368,6 +380,21 @@ sap.ui.define([
 			}
 		};
 
+		/**
+		 * Checks if the source is a data URI or blob URL
+		 * @param {string} sSource The source URL to check
+		 * @returns {boolean} true if source is data URI or blob URL
+		 * @private
+		 */
+		PDFViewer.prototype._isDataUriOrBlob = function (sSource) {
+			if (!sSource || typeof sSource !== "string") {
+				return false;
+			}
+
+			var sLowerSource = sSource.toLowerCase();
+			return sLowerSource.startsWith("data:") || sLowerSource.startsWith("blob:");
+		};
+
 		/**
 		 * @private
 		 */