Verify the PDF header before preview
A PDF file begins with the byte sequence %PDF-. The tool checks that signature after Base64 decoding and refuses to label unrelated bytes as a PDF. It then reports the PDF version marker and decoded file size.
A correct header is only the first structural check. It does not prove that every object, cross-reference entry, signature, form, attachment, or script inside the document is safe or valid.
Browser-local preview with a security boundary
The preview uses a temporary blob URL in the browser PDF viewer, and the download preserves the decoded bytes. No document is sent to this site. Preview availability still depends on the browser and its PDF support.
PDF can contain links, forms, attachments, JavaScript, and deceptive visual content. Do not trust or sign an unfamiliar document based only on a successful preview.
Common failures this tool explains
- The decoded bytes do not begin with the %PDF- signature.
- A data URL declares application/pdf but contains another file type.
- The browser has disabled its built-in PDF viewer.
- The Base64 is truncated, leaving broken padding or an incomplete PDF body.
Equivalent commands
Use the runtime or shell already available in your workflow. Validate untrusted input and keep binary output out of terminals when it may contain control bytes.
Python
from pathlib import Path
import base64
Path('document.pdf').write_bytes(base64.b64decode(value, validate=True))
JavaScript
import { writeFileSync } from 'node:fs';
writeFileSync('document.pdf', Buffer.from(value, 'base64'));
Shell
printf '%s' "$VALUE" | base64 --decode > document.pdf
head -c 5 document.pdf