Closed: olnor18 closed 2 years ago
This is just a wrapper around a native library; if such a vulnerability exists, then you should open that with the native library (wkhtmltopdf) instead.
It's a known issue that will not be fixed. It is documented here under recommendations that untrusted, unsanitized user input should never be allowed. It would therefore be responsible to either include this warning on the README or include some sanitization for JavaScript.
Got it, done! Thanks!
Using this library with user-supplied input in any way, even if just used to fill out a template, could lead to major vulnerabilities. Do not use this library with user-supplied input until this is mitigated. Please reach out so this can get patched. More info here.