Make HTML-to-PDF Conversion More Secure

Administrators can make HTML-to-PDF conversion more secure when the Chromium-based converter is used by automatically removing potentially malicious HTML tags. To do this, add the following entry in the configuration of the conversion service:

<add key="HTMLConverterFullFidelity.RemoveNodes" value="iframe, embed, object"/>

With the above configuration, all <IFRAME>, <EMBED>, and <OBJECT> HTML tags will be removed before conversion, thereby blocking any attempts to exploit security vulnerabilities tied to them.