Security best practices for Web/HTML to PDF

This guide provides best practices for hardening the security of the HTML2PDF module within your deployment environment.

The HTML2PDF module opens the webpage it is pointed at and converts it to a PDF. Maliciously crafted webpages can pose a security risk during this process. Because the SDK's browser instance gives you no way to practice good web hygiene yourself, this guide describes the risks involved and the best practices you can follow.


HTML2PDF is based on headless Chromium. It is equipped with the same security features as the Chromium browser. In addition to that:

  • HTML2PDF has no persistent storage for cookies or site data and no cache.
  • Every HTML to PDF conversion runs in a separate isolated process.

HTML2PDF is frequently updated to include the latest security patches from the Chromium browser. Make sure to keep the module up to date.

Sandboxing (Windows, macOS)

Sandboxing is a crucial security mechanism that restricts the privileges of various components within the module. However, two module options, when modified, can disable sandboxing:

  • Sandbox – Setting this property to false disables sandboxing for all following conversions.
  • CompatibilityMode – Setting this property to true deactivates sandboxing as well.

For maximum security, do not change the defaults of the options above.

Local file access

The Same-origin Policy (SOP) is always enabled. However, when converting files from the local file system using the file:// protocol, the "origin" is considered to be the entire file system. The module does not provide any built-in mechanisms to restrict access to local files referenced by the source HTML files or scripts. Instead, it relies on the operating system's permission-based controls to enforce access restrictions.

If this level of isolation is not sufficient, we recommend setting up a basic static web server to serve the source HTML files. This way, access to the file system is restricted by the web server.

For example, let your directory for source files be /tmp/html-to-pdf-sources. Then you can create a server with:

Python

python3 -m http.server --bind 127.0.0.1 -d /tmp/html-to-pdf-sources

In the next step, create a subdirectory my_dir in /tmp/html-to-pdf-sources, put your source file, my_file.html, along with all related resources in it, and then start the conversion.

The module will have no access to the files outside of the /tmp/html-to-pdf-sources directory.
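Python's http.server follows symbolic links, so a link placed inside the served directory can still expose a file outside it. The following is an added example, not part of the SDK or its documentation: a loopback-only static server that answers 404 for any request resolving outside the source root. The names is_confined, ConfinedHandler and make_server are hypothetical helpers introduced here.

```python
import functools
import os
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

SOURCE_ROOT = "/tmp/html-to-pdf-sources"  # source directory used on this page
INDEX_NAMES = ("index.html", "index.htm")  # files http.server serves for a directory URL


def is_confined(root, candidate):
    """True if candidate stays under root once symlinks and '..' are resolved."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(candidate)
    return os.path.commonpath([real_root, real_path]) == real_root


class ConfinedHandler(SimpleHTTPRequestHandler):
    """Answers 404 for any request whose target resolves outside the served root."""

    def send_head(self):
        # translate_path() maps the URL path onto self.directory.
        target = self.translate_path(self.path)
        # A directory URL may be answered with its index file, so check those too.
        candidates = [target] + [os.path.join(target, n) for n in INDEX_NAMES]
        if not all(is_confined(self.directory, c) for c in candidates):
            self.send_error(HTTPStatus.NOT_FOUND, "File not found")
            return None
        return super().send_head()


def make_server(root=SOURCE_ROOT, port=8000):
    """Loopback-only server, like --bind 127.0.0.1; 8000 is http.server's default port."""
    handler = functools.partial(ConfinedHandler, directory=root)
    return ThreadingHTTPServer(("127.0.0.1", port), handler)


if __name__ == "__main__":
    make_server().serve_forever()
```

Run the server under an account that can read only the source directory, so the operating system's permissions back up the check.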
