How to avoid XSS attacks when convert xls to html

yuweiming314 · December 19, 2019, 6:18am

how to avoid XSS attacks when convert xls to html

amjad.sahi · December 19, 2019, 9:01am

Thanks for the screenshots.

It looks like those culprit scripts are embedded into hyperlinks in the worksheet. Aspose.Cells can retrieve source for the links but how come Aspose.Cells knows if source link is good or bad or it has some vulnerabilities scripts/code. I am afraid, you have to check those hyperlinks by yourself and change the target if you think the target is unsafe for your situation. I am afraid, there is no way or API which can fit to all users. For example, the alert invocation in your example maybe it is just some other users’ purpose or useful for them to create such one tag.

Thanks for your understanding!

yuweiming314 · December 19, 2019, 12:01pm

thanks for your answer，，is there a way to forbit all hyperlinks in excel when convert it to html？

amjad.sahi · December 19, 2019, 12:49pm

@yuweiming314,

Well, you may exclude all hyperlinks in the spreadsheet using data filter options when loading the file, see the sample code for your reference:
e.g
Sample code:

var filePath = @"e:\test2\Book1.xls";
            var loadFilter = new LoadFilter(LoadDataFilterOptions.All & ~LoadDataFilterOptions.Hyperlinks);
            var asposeOptions = new Aspose.Cells.LoadOptions
            {
                LoadFilter =  loadFilter
            };
            var workbook = new Workbook(filePath, asposeOptions);
.........

Hope, this helps a bit.