New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filenames with spaces not supported #8
Comments
@iamjochem simply put your file name inside quotes. |
sure that works but I don't think it's a good idea to put the responsibility of proper [cmd argument] escaping on the consumer of this module (effectively the consumer should not know that functionality is implemented using |
Right! If time permits I'll implement proper command execution. Thanks again for reporting. |
cool - I reopened this issue so that it can remind you every now and again ;-) |
@iamjochem as of v0.5.0 we now use |
hi there,
filenames with spaces cause your tool to break because filename arguments are passed to
pdf2htmlEX
command line without quotes.see here: https://github.com/fagbokforlaget/pdftohtmljs/blob/master/lib/pdftohtml.js#L58
given the way the cmd-line string is simply concatenated I assume this also consistutes a potential cmd injection vector (here is an example discussion regarding this security issue), I believe the following article offers a partial solution:
I'm not sure whether using
require('child_process').execFile()
helps with the spaces in file paths, it might be worth considering some kind of package geared towards escaping shell argumentsThe text was updated successfully, but these errors were encountered: