Audit PDF.js
While I'm reviewing and testing Firefox 17 for ESR, I should see if I can get PDF.js working well enough to include it.
I'll also need to review its source code for obvious signs of proxy bypass and potential third party state storage, though.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information