I have an scenario where i create a Aspose word Document from an inputstream in Java.
Aspose.Word version is 18.9
The input file in the input stream is actually a txt file that contains HTML-code linking to a zip bomb file but renamed to a DOC file like this myFile.html.doc
I create my Aspose word document like this:
LoadOptions loadOptions = new LoadOptions(); loadOptions.setLoadFormat(LoadFormat.DOC); // loadOptions.setLoadFormat(LoadFormat.TEXT); Document doc = new Document(is, loadOptions);
When I use LoadFormat.TEXT everything works fine because the HTML content is interpret as pure text.
But when I change to LoadFormat.DOC the html code is interpret as HTML and the zip bomb is executed.
So my question is, is there some way that I can prevent HTML code from being executed when I create a Aspose word document using LoadFormat.DOC since this code is also used to create ordinary word documents.