This project is read-only.

Script injection threat?

Dec 6, 2016 at 3:07 AM

I'm considering using this project to render HTML coming from an end-user rich text editor into images to display in reports. I'll use the HtmlRender.RenderToImage() method.

From a security perspective I just want to ensure nothing bad could happen e.g. if an end-user somehow injected malicious JavaScript into the HTML. I can't find any documentation in relation to this. Is this a risk and if so does HTML Renderer protect against it?

Can someone familiar with HTML Renderer share their thoughts on this?