app.use((req, res, next) => { if (req.query.url) { // Only allow http/https if (!/^https?:\/\//i.test(req.query.url)) return res.status(400).send('Invalid URL scheme');
phantomjs /path/to/rasterize.js "javascript://%0Acat /etc/passwd%0A//" output.pdf pdfkit v0 8.6 exploit
const pdfkit = require('pdfkit'); const doc = new pdfkit(); doc.html('https://example.com/page-to-print'); doc.pipe(fs.createWriteStream('output.pdf')); doc.end(); const doc = new pdfkit()