Administrators can make HTML-to-PDF conversion more secure when the Chromium-based converter is used by automatically removing potentially malicious HTML tags. To do this, add the following entry in the configuration of the conversion service:
With the above configuration, all <IFRAME>
, <EMBED>
, and <OBJECT>
HTML tags will be removed before conversion, thereby blocking any attempts to exploit security vulnerabilities tied to them.