问题
Is wkhtmltopdf secure enough to prevent abuse when run server-side on user-supplied HTML, and if so, which arguments would I need?
I found how to disallow local file access, but I'd also like at least to prevent network access to localhost, and generally have it be about as secure as a modern browser. Is it?
I don't actually intend to run wkhtmltopdf on user-supplied HTML, but on server-generated HTML. I'm concerned that the presence of wkhtmltopdf would make any HTML injection vulnerability far more severe than it may have been otherwise. So ideally I'd like to secure wkhtmltopdf as if I were expecting arbitrary user input.
回答1:
The answer appears to be "it is not secure enough to do that".
In this discussion, it was suggested that you should run it in a sandbox and filter/sanitize the supplied HTML.
The authors do not mention what kind of HTML filtering is required. One possible security issue I can think of is that wkhtmltopdf could access content from the server's intranet that is not normally accessible from the outside and expose it in the PDF. If you disable Javascript with --disable-javascript, and disable local file access with --disable-local-file-access, then it's still possible to expose such content using an iframe, or by sourcing an image using inline CSS or img.src.
来源:https://stackoverflow.com/questions/24205769/how-to-run-wkhtmltopdf-securely-on-user-supplied-html