Add option to set configuration parameters via URL parameters

[rudolphi]

e.g. viewer.html?isEvalSupported=false&enableScripting=false&file=xyz.pdf
Being able to disable any Javascript execution would really be appreciated, as we may not be able to control whether PDFs are coming from a trusted source.

[Snuffleupagus]

Please note that controlling viewer features using hash parameters was purposely disabled, see issue #4954 for additional information.

Given the lack of information here, please remember to always fill out the ISSUE_TEMPLATE completely when opening an issue, it's somewhat difficult to understand the scope of this question.
However, please note that in Firefox you can always set preferences using about:config (search for "pdfjs.") and if you're using the default viewer in a custom implementation then either modifying the code or using the AppOptions/Preferences should work; please also see https://github.com/mozilla/pdf.js/wiki/Third-party-viewer-usage

[calixteman]

@rudolphi, if you found any issues with JS execution, please file bugs.
For your information, executed JS in pdf.js is not executed JS in Acrobat (at least in old version of Acrobat).
In Firefox, the JS code is executed within a sandbox with the lowest privileges (there are access neither to I/O, nor to window, nor to document...), consequently it's very secure (you can read this answer from a member of the security team @mozilla: https://security.stackexchange.com/a/248985).