We're sorry Aspose doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.com

How to avoid XSS attacks when convert xls to html

how to avoid XSS attacks when convert xls to html

image.png (10.7 KB)
image.png (9.1 KB)

@yuweiming314,

Thanks for the screenshots.

It looks like those culprit scripts are embedded into hyperlinks in the worksheet. Aspose.Cells can retrieve source for the links but how come Aspose.Cells knows if source link is good or bad or it has some vulnerabilities scripts/code. I am afraid, you have to check those hyperlinks by yourself and change the target if you think the target is unsafe for your situation. I am afraid, there is no way or API which can fit to all users. For example, the alert invocation in your example maybe it is just some other users’ purpose or useful for them to create such one tag.

Thanks for your understanding!

thanks for your answer,,is there a way to forbit all hyperlinks in excel when convert it to html?

@yuweiming314,

Well, you may exclude all hyperlinks in the spreadsheet using data filter options when loading the file, see the sample code for your reference:
e.g
Sample code:

var filePath = @"e:\test2\Book1.xls";
            var loadFilter = new LoadFilter(LoadDataFilterOptions.All & ~LoadDataFilterOptions.Hyperlinks);
            var asposeOptions = new Aspose.Cells.LoadOptions
            {
                LoadFilter =  loadFilter
            };
            var workbook = new Workbook(filePath, asposeOptions);
......... 

Hope, this helps a bit.