Hi,
I need to fix the security hole where an iframe can access local files. My security testers managed to do this on UNIX. I'm on Windows and the problem is that I can't get princexml to read in a local file with an iframe.
According to this page: https://www.princexml.com/doc/server-integration/#local-files princexml allows local access by default and it needs to be turned off.
Here's my code snippet:
Prince just renders an empty iframe. Any ideas why? i need to repeat the problem before fixing!
Regards Peter
I need to fix the security hole where an iframe can access local files. My security testers managed to do this on UNIX. I'm on Windows and the problem is that I can't get princexml to read in a local file with an iframe.
According to this page: https://www.princexml.com/doc/server-integration/#local-files princexml allows local access by default and it needs to be turned off.
Here's my code snippet:
<iframe style="border:1px solid red; width:100%; height:600px;" src="file:///c:/temp/1.txt"></iframe>Prince just renders an empty iframe. Any ideas why? i need to repeat the problem before fixing!
Regards Peter