Hi there
Our business have requirement of converting html to pdf with java. I am trying aspose-pdf and so far works fine. Because we can’t trust the html input, we need to be sure aspose does the conversion in secure way. therefore no any script embedded in the html should be run during conversion. However I could not find a clear answer regarding to this topic within aspose website.
Please can you provide a confirmed answer? btw. i am evaluating aspose-pdf 22.3
thanks
The feature of HTML to PDF Conversion in the API does not include the verification of supplied HTML source whether its trusted or not. However, we will check this scenario further. Could you kindly share a sample HTML in .zip format for our reference? We will further proceed accordingly.
test html.7z (573 Bytes)
hi please see attached test html. basically it is just a very simple html containing some java scripts. I am not asking if aspose verify html source, instead I want to be sure that no any script is run when converting to pdf in order to prevent XSS attack. You know cyber security is key to our business.
I am looking forward to your reply.
thanks
Kang
An investigation ticket as PDFJAVA-41573 has been logged in our issue tracking system in order to analyze the feasibility of your requirements. We will further look into details of the logged ticket and let you know as soon as it is resolved. Please be patient and spare us some time.
We are sorry for the inconvenience.
hi there, is there any update on this? We are evaluating aspose and need a firm answer asap.
thanks
Kang
We are afraid that the earlier logged ticket has not been yet reviewed. However, we have recorded your concerns and will let you know as soon as we have some feedback to share. Please spare us some time.
We are sorry for the inconvenience.