Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix access to files without protocol
  • Loading branch information
pofider committed Nov 2, 2020
1 parent c1c4d4d commit b5d2da2
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 25 deletions.
14 changes: 7 additions & 7 deletions lib/scripts/conversionScriptPart.js
Expand Up @@ -19,19 +19,19 @@ page.onResourceRequested = function (request, networkRequest) {
console.log('Request ' + request.url);
if (request.url.lastIndexOf(body.url, 0) === 0) {
return;
}

//potentially dangerous request
if (request.url.lastIndexOf("file:///", 0) === 0 && !body.allowLocalFilesAccess) {
networkRequest.abort();
return;
}
}

//to support cdn like format //cdn.jquery...
if (request.url.lastIndexOf("file://", 0) === 0 && request.url.lastIndexOf("file:///", 0) !== 0) {
networkRequest.changeUrl(request.url.replace("file://", "http://"));
}

//potentially dangerous request
if (request.url.lastIndexOf("http://", 0) !== 0 && request.url.lastIndexOf("https://", 0) && !body.allowLocalFilesAccess) {
networkRequest.abort();
return;
}

if (body.waitForJS && request.url.lastIndexOf("http://intruct-javascript-ending", 0) === 0) {
pageJSisDone = true;
}
Expand Down
51 changes: 33 additions & 18 deletions test/test.js
@@ -1,6 +1,6 @@
var should = require("should"),
var should = require("should"),
path = require("path"),
fs = require("fs"),
fs = require("fs"),
phantomjs = require("phantomjs"),
phantomjs2 = require("phantomjs-prebuilt")
tmpDir = path.join(__dirname, "temp"),
Expand Down Expand Up @@ -95,21 +95,7 @@ describe("phantom html to pdf", function () {
done();
});
});
});

it('should create a pdf file ignoring ssl errors', function(done) {
conversion({
url: 'https://sygris.com'
}, function(err, res) {
if (err) {
return done(err);
}

res.numberOfPages.should.be.eql(1);
res.stream.should.have.property("readable");
done();
});
});
});

it('should wait for page js execution', function(done) {
conversion({
Expand Down Expand Up @@ -201,7 +187,7 @@ describe("phantom html to pdf", function () {
return done(err);
}

JSON.stringify(res.logs).should.containEql('foo');
;
done();
});
});
Expand Down Expand Up @@ -261,6 +247,35 @@ describe("phantom html to pdf", function () {
done();
})
});

it('should reject local files', function(done) {
conversion({
html: `<script>
document.write(window.location='${__filename.replace(/\\/g, '/')}')
</script>`
}, function(err, res) {
if (err) {
return done(err);
}
JSON.stringify(res.logs).should.containEql('Unable to load resource')
done()
});
});

it('should allow local files when allowLocalFilesAccess', function(done) {
conversion({
allowLocalFilesAccess: true,
html: `<script>
document.write(window.location='${__filename.replace(/\\/g, '/')}')
</script>`
}, function(err, res) {
if (err) {
return done(err);
}
JSON.stringify(res.logs).should.not.containEql('Unable to load resource')
done()
});
});
}

rmDir = function (dirPath) {
Expand Down

0 comments on commit b5d2da2

Please sign in to comment.