Executable code in documents leads to trouble
, which prevents the attack. (PDF/-J?)
Supporting programmable code in a document file format is a bad idea, in my opinion. As this effectively transforms something fairly static called 'a document' into something very dynamic called 'an application'.
Documents should not contain any code, or they should be treated like applications (and checked for viruses, etc...).
XPS does not have any script support, so it regularly comes up in discussion as an argument against
XPS. This is ridiculous. Not having any programmability in your fixed document format is a feature