# Security

[back](./README.md)

Html2Pdf uses the default [Security](../src/Security/Security.php) service to protect externally included files (CSS, images, ...).

It allows:

* HTTP/HTTPS external files
* Local files

You can add a specific host to be allowed for the http/https scheme. By default, the whitelist is empty.

```php
$html2pdf->getSecurityService()->addAllowedHost('www.html2pdf.fr');
```

You can reset the list of allowed hosts for the http/https scheme.

```php
$html2pdf->getSecurityService()->resetAllowedHosts();
```

You can disable the check on the allowed hosts for the http/https scheme.

```php
$html2pdf->getSecurityService()->disableCheckAllowedHosts();
```

You must ensure that the HTML you want to convert is secure, **especially if it is generated from uncontrolled data contributed by users**.
In such cases, an attacker could send requests to both external servers and restricted-access servers (e.g., within a local network) on hosts that you have added to the whitelist.

If you need additional security, you can implement the [SecurityInterface](../src/Security/SecurityInterface.php)
and call the `setSecurityService` method on the Html2Pdf object to use it.
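
A stricter policy of the kind the last paragraph suggests, as an added example that is not part of Html2Pdf: it accepts only HTTPS on exact allowed hosts and only local files inside one base directory. The class name, the `checkValidPath` method name and the throw-on-deny convention are assumptions; it is written stand-alone, so align it with the actual contract in `SecurityInterface.php` before passing it to `setSecurityService`.

```php
<?php
// Added example, not Html2Pdf code. Requires PHP 8.0+. ASSUMPTION: checkValidPath(string): void,
// throwing on denial, mirrors SecurityInterface.php; verify against that file before use.
final class StrictResourcePolicy
{
    /** @param string[] $allowedHosts exact, lower-case host names */
    public function __construct(private array $allowedHosts, private string $baseDir) {}

    public function checkValidPath(string $path): void
    {
        $scheme = parse_url($path, PHP_URL_SCHEME);
        if ($scheme === false) {
            throw new RuntimeException("malformed path: $path");
        }
        if ($scheme === null) {                 // no scheme: treat as a local file
            $this->checkLocalFile($path);
            return;
        }
        if (strtolower($scheme) !== 'https') {  // rejects http, file, phar, ...
            throw new RuntimeException("scheme not allowed: $path");
        }
        $host = strtolower((string) parse_url($path, PHP_URL_HOST));
        $port = parse_url($path, PHP_URL_PORT);
        if (!in_array($host, $this->allowedHosts, true) || ($port !== null && $port !== 443)) {
            throw new RuntimeException("host or port not allowed: $path");
        }
    }

    private function checkLocalFile(string $path): void
    {
        // realpath() resolves ../ and symlinks, so traversal out of baseDir is caught.
        $base = realpath($this->baseDir);
        $real = realpath($path);
        if ($base === false || $real === false || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
            throw new RuntimeException("local file outside base dir: $path");
        }
    }
}

// Constructed sample inputs; the allowed host is the one used on this page.
$dir = sys_get_temp_dir() . '/h2p_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/logo.png", 'x');
$policy = new StrictResourcePolicy(['www.html2pdf.fr'], $dir);
foreach (["$dir/logo.png", "$dir/../../etc/passwd", 'https://www.html2pdf.fr/a.css',
          'http://www.html2pdf.fr/a.css', 'https://www.html2pdf.fr.evil.example/a.css'] as $p) {
    try { $policy->checkValidPath($p); echo "ALLOW $p\n"; }
    catch (RuntimeException $e) { echo "DENY  {$e->getMessage()}\n"; }
}
```

Every branch fails closed: a path that cannot be parsed, resolved or matched exactly is rejected rather than passed through.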