On a webserver we are converting html that is uploaded by users to Word or PDF. We don’t want to load all resources because then a hacker could upload a html file with the path of an image on the webserver and it will be included in the export.
For Word export we fixed this by implementing the IResourceLoadingCallback and this works perfectly. However when we use the same code and save as PDF this doesn’t work.
The only difference in the code is that for Word we have this as the last line:
document.Save(dstStream, SaveFormat.Docx);
And for PDF this:
document.Save(dstStream, SaveFormat.Pdf);
The IResourceLoadingCallback is called in both occasions but it seems the response ResourceLoadingAction.Skip is ignored for PDF and not for Docx.