我使用 ASP.NET 让 wkhtmltopdf 在本地计算机上工作,我的代码可以安全地在服务器上运行吗
代码将当前 HTML 页面转换为 PDF 并将其显示给用户。我以前从未使用过wkhtmltopdf,我更关心安全性。在服务器上运行它安全吗?我应该怎么做才能使其更安全?
string args = string.Format("\"{0}\" - ", Request.Url.AbsoluteUri);
var startInfo = new ProcessStartInfo(Server.MapPath("bin\\wkhtmltopdf.exe"), args)
{
UseShellExecute = false,
CreateNoWindow = true,
RedirectStandardOutput = true
};
var proc = new Process { StartInfo = startInfo };
proc.Start();
string output = proc.StandardOutput.ReadToEnd();
byte[] buffer = proc.StandardOutput.CurrentEncoding.GetBytes(output);
proc.WaitForExit();
proc.Close();
Response.ContentType = "application/pdf";
Response.BinaryWrite(buffer);
Response.End();
我尝试使用 iTextSharp,但在使用阿拉伯语时遇到了问题。
请建议我是否可以以更好的方式做到这一点。
我的要求很简单,我想将 URL 传递给一个函数,该函数将 HTML 页面转换为 PDF 并将其显示为下载给用户。
Code convert the current HTML page into PDF and show it to the user. I have never worked with wkhtmltopdf before and I am more concerned about security. Is it safe to run it on the server? What should I do to make it more secure?
string args = string.Format("\"{0}\" - ", Request.Url.AbsoluteUri);
var startInfo = new ProcessStartInfo(Server.MapPath("bin\\wkhtmltopdf.exe"), args)
{
UseShellExecute = false,
CreateNoWindow = true,
RedirectStandardOutput = true
};
var proc = new Process { StartInfo = startInfo };
proc.Start();
string output = proc.StandardOutput.ReadToEnd();
byte[] buffer = proc.StandardOutput.CurrentEncoding.GetBytes(output);
proc.WaitForExit();
proc.Close();
Response.ContentType = "application/pdf";
Response.BinaryWrite(buffer);
Response.End();
I tried to us iTextSharp, but I had issues with it when using Arabic language.
Please suggest if I can do it in a better way.
My requirement is simple, I want to pass a URL to a function which will convert the HTML page into PDF and show it as a download to the user.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,我不确定参数是否可以运行,只是为了测试尝试这个
" | cmd.exe"看看服务器上是否打开了任何内容,或者您可以尝试测试" | del . /Q"嗯,也许不是 del,你必须做了备份或者使用虚拟电脑,但是如果不使用这样的东西如何测试?管道命令 | 用于在系统上执行第二个命令,或将两个命令连接在一起。
通常情况下,参数不是 rus,因此下一个安全性是 .exe 本身,这个 .exe 可以做什么,不能做什么。
为了使其总体安全,您必须向您的 ASP.NET 应用程序授予正确的权限,并隔离在其目录中。
well, I am not sure if the arguments can run, just for the test try this
" | cmd.exe"to see if anything opens on server, or you can try for test the" | del . /Q"hmm, maybe not the del, you must have made backup OR, use a virtual pc, but how to test if not use anything like this ?The
pipeline command |is used on command to execute a second in the row command on the system, or to connect two commands together.Normally the arguments not rus, so the next security is the .exe him self, what this .exe can do and what not.
To make it secure in general you must have give the correct permission to your asp.net application, and isolate in his directory.