How to make HTML-to-PDF conversion more secure?

The version of Google Chrome releasing on 8 January 2025 removes headless functionality. If you’re using Nutrient Document Converter (formerly Muhimbi PDF Converter) or Nutrient Document Converter Services (formerly Muhimbi PDF Converter Services) on-premises applications, configured to use Chrome, this may have an impact on your HTML-to-PDF conversions. To resolve this, switch to Blink Binaries or Chrome headless shell.

Administrators can make HTML-to-PDF conversion more secure (when the Chromium-based converter is used) by automatically removing potentially malicious HTML tags. To do this, add the following entry in the configuration of the Conversion Service:

<add key="HTMLConverterFullFidelity.RemoveNodes" value="iframe, embed, object"/>

With the configuration above, all <IFRAME>, <EMBED>, and <OBJECT> HTML tags will be removed before conversion, thereby blocking any attempts to exploit security vulnerabilities tied to them.