Click or drag to resize
Pdf Library for .NET

Security Recommendations for SelectPdf Library

SelectPdf is a .NET library that offers a lot of features, but the most important and the most used feature is the conversion from HTML to PDF. The conversion from HTML to PDF implies the rendering of the web page being converted. Because of the support to run complex HTML/CSS/Javascript, a number of things need to be taken into consideration when using SelectPdf, to make sure your application remains secure.

If you convert your own files to pdf and know exactly what they contain, you are fine. But if you take external files/code to convert to PDF from users you do not know, follow the following recommendations.

Control input

Check the content of the web page being converted. Look for code (especially javascript) that might harm your system. Sanitizing user input can be difficult and attackers can sometimes find a way around the protection.

Retrict access

If you only access the system from certain locations, restrict the access to it limiting the IP addresses allowed.

Disable javascript execution

If you do not need to execute javascript, disable it setting the following property:

converter.Options.JavaScriptEnabled = false;

Disable access to local files

If you do not need to access local server files during the conversion, disable access setting the following property:

SelectPdf.GlobalProperties.ForceDenyLocalFileAccess = true;