We use Aspose.PDF for Java to convert PDF documents to HTML.
Can we assume that the resulting HTML is safe from cross-site scripting attacks?
The reason I ask is that our code currently runs HTML docs (which could have been uploaded by a user) through an HTML ‘sanitizer’ to protect against cross-site scripting attacks. For example, the sanitizer removes any <script> content from the HTML docs. But for HTML docs that were created by Aspose from PDF files, the sanitizer totally messes those up, because all of the styles also get removed by the sanitizer, so the HTML file looks terrible and nothing like the original PDF.
We are thinking that sanitization to protect against cross-site scripting attacks shouldn’t be needed for an HTML doc that was generated from PDF by Aspose.
Is that true?
(I.e., we don’t need to sanitize an HTML doc that was generated from PDF by Aspose.)
Or could cross-site scripting attacks be present in the HTML created by Aspose from PDF?
Thanks in advance for your answer.
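
Whether a converted file contains script-capable markup can be checked per file instead of assumed. The following is an added example, not part of the original post and not Aspose code: it lists active content in an HTML document while leaving styles alone. The tag and attribute lists, the names `ActiveContentAudit` and `find_active_content`, and the sample document are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed lists (not from the post): markup that can run script or load active content.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentAudit(HTMLParser):
    """Records (line, kind, name) findings; styles and classes are ignored."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, "element", tag))
        for name, value in attrs:
            # Compare URLs with whitespace and control characters removed,
            # since URL parsing drops tabs, newlines and leading spaces.
            url = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append((line, "event-handler", name))
            elif name in URL_ATTRS and url.startswith(BAD_SCHEMES):
                self.findings.append((line, "script-url", name))


def find_active_content(html_text):
    """Return the findings for one HTML document, in document order."""
    audit = ActiveContentAudit()
    audit.feed(html_text)
    audit.close()
    return audit.findings


# Constructed sample: styled markup plus three planted problems (lines 4-6).
SAMPLE = """<html><head><style>.p1 { position:absolute; left:72px }</style></head>
<body><div class="p1" style="top:90px">Invoice 2024</div>
<img src="data:image/png;base64,AAAA" style="width:10px">
<a href="jav&#x61;script:alert(1)">link</a>
<img src="x.png" ONERROR="alert(1)">
<script>alert(1)</script>
</body></html>"""

if __name__ == "__main__":
    for finding in find_active_content(SAMPLE):
        print(finding)
```

An empty result means only that none of these patterns were found in that file; it is a per-file check, not a statement about the converter.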