assure/vendor/spipu/html2pdf/doc/security.md
2025-12-01 19:07:16 +00:00

Security

Html2Pdf uses the default Security service to protect the loading of externally included files (CSS, images, ...).

It allows:

  • HTTP/HTTPS external files
  • Local Files

You can add a specific host to be allowed for http/https scheme. By default, the whitelist is empty.

$html2pdf->getSecurityService()->addAllowedHost('www.html2pdf.fr');

You can reset the list of allowed hosts for http/https scheme.

$html2pdf->getSecurityService()->resetAllowedHosts();

You can disable the check on the allowed hosts for http/https scheme.

$html2pdf->getSecurityService()->disableCheckAllowedHosts();

You must ensure that the HTML you want to convert is secure, especially if it is generated from uncontrolled data contributed by users. In such cases, an attacker could make the server send requests both to external servers and to restricted-access servers (e.g., within a local network) on hosts that you have added to the whitelist.

If you need additional security, you can implement the SecurityInterface, and call the method setSecurityService on the Html2Pdf object to use it.
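
A stricter policy built on the SecurityInterface hook described above, as an added example that is not part of the Html2Pdf project: it accepts only https URLs on exact allow-listed hosts that resolve to public addresses, and it rejects local paths. It assumes PHP 8.1+, that the interface declares `checkValidPath(string $path): void`, and that `HtmlParsingException` is the exception to throw; verify both against your installed version. `StrictSecurity` is a hypothetical name.

```php
<?php
// Added example, not code from the Html2Pdf project.
use Spipu\Html2Pdf\Exception\HtmlParsingException;
use Spipu\Html2Pdf\Html2Pdf;
use Spipu\Html2Pdf\Security\SecurityInterface;

require __DIR__ . '/vendor/autoload.php';

final class StrictSecurity implements SecurityInterface
{
    /** @param string[] $hosts Exact host names allowed over HTTPS (hypothetical policy). */
    public function __construct(private array $hosts) {}

    // Assumed interface method; check the signature in your installed version.
    public function checkValidPath(string $path): void
    {
        $url = parse_url(trim($path));
        if ($url === false || strtolower($url['scheme'] ?? '') !== 'https') {
            $this->deny('only https:// resources are allowed', $path);
        }
        $host = strtolower($url['host'] ?? '');
        if (!in_array($host, $this->hosts, true)) {
            $this->deny('host is not on the allow list', $path);
        }
        if (isset($url['user']) || isset($url['port'])) {
            $this->deny('credentials and explicit ports are not allowed', $path);
        }
        // Refuse allow-listed names that resolve to private or reserved
        // addresses (gethostbynamel() returns IPv4 addresses only).
        $ips = gethostbynamel($host) ?: [];
        if ($ips === []) {
            $this->deny('host does not resolve', $path);
        }
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        foreach ($ips as $ip) {
            if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
                $this->deny('host resolves to a non-public address', $path);
            }
        }
    }

    private function deny(string $reason, string $path): never
    {
        throw new HtmlParsingException("Blocked resource ($reason): $path");
    }
}

$html2pdf = new Html2Pdf();
$html2pdf->setSecurityService(new StrictSecurity(['www.html2pdf.fr']));
```

The DNS lookup in the check and the later fetch are separate resolutions, so pair this with egress filtering on the machine that runs the conversion.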