Security Recommendations for SelectPdf Library
SelectPdf is a .NET library that offers many features, but the most important and most used one is the conversion from HTML to PDF. Converting HTML to PDF means rendering the web page being converted. Because the converter supports running complex HTML/CSS/JavaScript, a number of things need to be taken into consideration when using SelectPdf to make sure your application remains secure.
If you convert your own files to PDF and know exactly what they contain, you are fine. But if you accept external files or code to convert to PDF from users you do not know, follow the recommendations below.
Control input
Check the content of the web page being converted. Look for code (especially JavaScript) that might harm your system. Sanitizing user input can be difficult, and attackers can sometimes find a way around the protection.
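One way to implement the content check described above, as an added example that is not part of the SelectPdf documentation or library. It is shown in Python with only the standard library because the check runs before the converter and does not depend on it; the tag, attribute and scheme sets and all names are assumptions. It reports findings for a reject-or-review decision instead of rewriting the HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Policy sets are assumptions chosen for this example.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed"}
URL_ATTRS = {"src", "href", "data", "action", "formaction", "poster"}
ALLOWED_SCHEMES = {"http", "https"}

class ConversionInputAudit(HTMLParser):
    # HTMLParser lowercases names and decodes character references in values.
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-element", tag))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(("event-handler", name))
            elif name in URL_ATTRS and value:
                self.check_url(name, value)

    def check_url(self, attr, value):
        # Browser engines drop tabs/newlines inside URLs; strip control chars
        # so "java<TAB>script:" is seen as "javascript:".
        url = "".join(ch for ch in value if ch > " ")
        try:
            scheme = urlsplit(url).scheme
        except ValueError:
            self.findings.append(("unparseable-url", attr))
            return
        # Relative URLs have no scheme and are left to the base URL policy.
        if scheme and scheme not in ALLOWED_SCHEMES:
            self.findings.append(("scheme", scheme))

def audit_html(html):
    audit = ConversionInputAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample input, not taken from a real page.
SAMPLE = """<body onload="go()">
<ScRiPt>function go() {}</ScRiPt>
<img src="file:///C:/temp/sample.txt">
<a href="&#106;ava&#9;script:go()">link</a>
<img src="https://example.com/logo.png">
</body>"""
```

An empty list from `audit_html` means nothing was flagged by these rules; it does not replace disabling JavaScript and local file access in the converter when they are not needed.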
Restrict access
If you only access the system from certain locations, restrict access to it by limiting the allowed IP addresses.
Disable JavaScript execution
If you do not need to execute JavaScript, disable it by setting the following property:
Disable access to local files
If you do not need to access local server files during the conversion, disable access by setting the following property: