
Very nice, but FYI: most malicious PDFs just contain links to something else, usually shortlinks. Social engineering is hard to mitigate.


If I understand this correctly, a link wouldn't survive this as the pdf is turned into images and then those images back into a pdf. So it's essentially like a scan of very high quality.

What you would end up with is an image that looks like a link but would not be clickable.


Doesn't matter if it is not clickable. There are existing phishing campaigns that use jpeg attachments asking the user to copy paste it (or just let the user try to copy and fail and manually type it out). Perhaps adding a text warning users to not open any links on the document will easily prevent that?


> Dangerzone can optionally OCR the safe PDFs it creates, so it will have a text layer again

I'm not completely sure, but wouldn't this parse links and make them accessible again, possibly even clickable?


A link's displayed text and its destination URL are not necessarily the same. Rendering the document to a bitmap then OCRing that would get the display text rather than the URL. I would think that it would be normal for a malicious URL to be obscured with an innocent-looking display text.
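Added example, not part of the thread and not Dangerzone's code: a small triage script that lists where a PDF's link annotations point and compares that with the text actually painted on the page, which is all a render-to-bitmap or OCR pass can see. The sample bytes, domains and function names are constructed for illustration, and the script assumes uncompressed objects; real files usually need a PDF library to decompress streams first.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: uncompressed PDF fragment with one link annotation.
SAMPLE_PDF = b"""%PDF-1.4
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]
   /A << /S /URI /URI (https://short.example/a\\(1\\)) >> >>
endobj
5 0 obj
<< /Length 57 >>
stream
BT /F1 12 Tf 72 705 Td (https://bank.example/login) Tj ET
endstream
endobj
"""

def _literal(data, i):
    """Decode the PDF literal string whose opening '(' ends at index i."""
    depth, out = 1, bytearray()
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":            # escape: keep next byte (covers \( \) \\)
            out += data[i + 1:i + 2]
            i += 2
            continue
        if c == b"(":
            depth += 1
        elif c == b")":
            depth -= 1
            if depth == 0:
                break
        out += c
        i += 1
    return out.decode("latin-1")

def link_targets(pdf):
    """URIs in /URI actions: where a click goes; never drawn on the page."""
    return [_literal(pdf, m.end()) for m in re.finditer(rb"/URI\s*\(", pdf)]

def displayed_text(pdf):
    """Strings painted by Tj: what a renderer, and therefore OCR, sees."""
    pat = rb"\((?=(?:[^()\\]|\\.)*\)\s*Tj)"
    return [_literal(pdf, m.end()) for m in re.finditer(pat, pdf)]

def hidden_destinations(pdf):
    """Link targets whose host does not appear in any painted text."""
    shown = " ".join(displayed_text(pdf)).lower()
    return [u for u in link_targets(pdf)
            if (urlsplit(u).hostname or u).lower() not in shown]

if __name__ == "__main__":
    print(hidden_destinations(SAMPLE_PDF))
```
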


Given the security focus here I'd be somewhat surprised if they did this - links are one of the main threat vectors associated with pdfs.


Maybe use a pdftotext wrapper to extract text alongside the image-based PDF.


A PDF smartform can run ActionScript.

Fortunately smart forms require Adobe Viewer, and there's an approval step (similar to agreeing to Excel macros), but after that it can do whatever the hell it likes.


If the OP renamed to “HighwayToTheDangerzone”, would this help?



