Sure, here you go:
I embed any image into a word document and save that as ‘Word - XML’. Then you go with your favorite text editor and change the path of the image to an absolute one. Like so, where the arrow is pointing:
image.png (154.2 KB)
Now you open that xml file again in word and save it as docx. The attached word document has an image embedded that’s pointing to “c:\temp\godzilla.jpg”. If you render this using the following code:
var license = new Aspose.Words.License();
var inputFilePath = "godzilla.docx";
var tempFilePath = Path.GetTempFileName() + ".pdf";
var doc = new Aspose.Words.Document(inputFilePath);
using (var fs = new FileStream(tempFilePath, FileMode.Create))
You can see that once you have an image in place on your local hard drive at the specified location, that image gets rendered in the document. If you don’t have the image in place, you just get a blank document.
We’re looking for a way to disable access to the local file system when rendering documents, be that for Words, Slides or Excel, as this poses a potential security risk if some attacker could construct a document that could embed critical files into a document (like the configuration file).
godzilla.zip (10.1 KB)