Skip to content

feat: Implement a PDF conversion script #2466 #2467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

feat: Implement a PDF conversion script #2466 #2467

wants to merge 8 commits into from

Conversation

@shaunyogeshwaran
Copy link
Member

@shaunyogeshwaran shaunyogeshwaran commented May 26, 2025
edited
Loading

Fixes #2466
This PR is still a WIP and not yet ready for review

The PR fulfills these requirements: (check all the apply)

  • It's submitted to the main branch.
  • When resolving a specific issue, it's referenced in the PR's title (e.g. feat: Add a button #xxx, where "xxx" is the issue number).
  • When resolving a specific issue, the PR description includes Closes #xxx, where "xxx" is the issue number.
  • If changes were made to ui folder, unit tests (make test) still pass.
  • New/updated tests are included

@shaunyogeshwaran shaunyogeshwaran self-assigned this May 26, 2025
@shaunyogeshwaran shaunyogeshwaran added the feature Feature request label May 26, 2025
@shaunyogeshwaran shaunyogeshwaran marked this pull request as draft May 26, 2025 07:37
github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2025
View reviewed changes
docs-pdf/generate-pdf.js

while (nextPageUrl) {
if (urls.length >= maxPages) break;
if (urls.includes(nextPageUrl)) break;

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
https://docs.h2o.ai/h2o-document-ai/get-started/what-is-h2o-document-ai
Loading
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 6 months ago

To address the issue, we need to validate that nextPageUrl belongs to the trusted domain (docs.h2o.ai) before adding it to the urls array. This can be achieved by parsing the URL using the URL constructor and checking its hostname property against the trusted domain. This approach ensures that only URLs with the correct host are processed, mitigating the risk of malicious URLs bypassing the check.

The changes will involve:

  1. Parsing nextPageUrl using the URL constructor.
  2. Validating that the hostname of nextPageUrl matches the trusted domain (docs.h2o.ai).
  3. Updating the condition on line 16 to include this validation.
Suggested changeset 1
docs-pdf/generate-pdf.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/docs-pdf/generate-pdf.js b/docs-pdf/generate-pdf.js
--- a/docs-pdf/generate-pdf.js
+++ b/docs-pdf/generate-pdf.js
@@ -15,3 +15,9 @@
     if (urls.length >= maxPages) break;
-    if (urls.includes(nextPageUrl)) break;
+    try {
+      const parsedUrl = new URL(nextPageUrl);
+      if (parsedUrl.hostname !== 'docs.h2o.ai' || urls.includes(nextPageUrl)) break;
+    } catch (e) {
+      console.error(`Invalid URL encountered: ${nextPageUrl}`);
+      break;
+    }
 
EOF
@@ -15,3 +15,9 @@
if (urls.length >= maxPages) break;
if (urls.includes(nextPageUrl)) break;
try {
const parsedUrl = new URL(nextPageUrl);
if (parsedUrl.hostname !== 'docs.h2o.ai' || urls.includes(nextPageUrl)) break;
} catch (e) {
console.error(`Invalid URL encountered: ${nextPageUrl}`);
break;
}

Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lo5 lo5 Awaiting requested review from lo5 lo5 is a code owner

@mturoci mturoci Awaiting requested review from mturoci mturoci is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@shaunyogeshwaran shaunyogeshwaran

Labels

feature Feature request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add a PDF conversion script

1 participant

@shaunyogeshwaran