khalilgharbaoui / wkhtmltopdf-binary-edge-alpine

Alpine linux wkhtmltopdf binary ruby gem with qt patches
MIT License

Fix the handling of single quotes in the wrapper script #1

Closed knu closed 4 years ago

knu commented 5 years ago

There's a flaw in how bin/wkhtmltopdf handles single quotes.

% bin/wkhtmltopdf --title "User's Guide" file:///path/to/html /tmp/output.pdf
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file

This can lead to a security vulnerability when the user of this package passes an untrusted string to the bin/wkhtmltopdf command.
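The quoting flaw described in this report, as an added example that is not the gem's wrapper code: a hypothetical wrapper that wraps each argument in single quotes breaks on the apostrophe in "User's Guide" the way the report shows, while Shellwords.escape round-trips it; the argument vector is constructed from the invocation above.

```ruby
require "shellwords"

# Argument vector constructed from the invocation in the issue report.
SAMPLE_ARGS = ["--title", "User's Guide", "file:///path/to/html", "/tmp/output.pdf"].freeze

# Naive quoting (hypothetical, illustrating the bug class): wrap each argument in
# single quotes. An argument that itself contains a single quote closes the quoted
# region early, so sh is left with an unmatched quote, which is the "unexpected EOF
# while looking for matching `''" error in the report.
def naive_quote(args)
  args.map { |a| "'#{a}'" }.join(" ")
end

# Correct quoting for a string handed to `sh -c`: Shellwords.escape backslash-escapes
# every character the shell could interpret, so the shell reads back exactly the
# original argument, apostrophes, spaces and metacharacters included.
def safe_quote(args)
  args.map { |a| Shellwords.escape(a) }.join(" ")
end

# Round-trip check: split the quoted string with the same rules sh applies and
# compare with the original vector. An unparseable string (unmatched quote) raises
# ArgumentError and counts as a failure.
def round_trips?(quoted, original)
  Shellwords.split(quoted) == original
rescue ArgumentError
  false
end

# Preferred fix for a wrapper: do not build a shell string at all. Passing the
# program and its arguments as separate elements to Kernel#exec or Kernel#system
# bypasses sh entirely, so there is no quoting layer left to get wrong.
def wrapper_argv(binary, args)
  [binary, *args] # use as exec(*wrapper_argv("wkhtmltopdf", ARGV))
end

if __FILE__ == $PROGRAM_NAME
  puts "naive: #{naive_quote(SAMPLE_ARGS)} -> round-trips? #{round_trips?(naive_quote(SAMPLE_ARGS), SAMPLE_ARGS)}"
  puts "safe:  #{safe_quote(SAMPLE_ARGS)} -> round-trips? #{round_trips?(safe_quote(SAMPLE_ARGS), SAMPLE_ARGS)}"
end
```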

khalilgharbaoui commented 5 years ago

@knu tnx! I'll try to merge this ASAP.