mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-07-27 23:55:21 +00:00
7d6b70871b
# Description of Changes This pull request introduces a new SSRF (Server-Side Request Forgery) protection mechanism for URL handling in the application. Key changes include adding a dedicated `SsrfProtectionService`, integrating SSRF-safe policies into HTML sanitization, and extending application settings to support configurable URL security options. ### SSRF Protection Implementation: * **`SsrfProtectionService`**: Added a new service to handle SSRF protection with configurable levels (`OFF`, `MEDIUM`, `MAX`) and checks for private networks, localhost, link-local addresses, and cloud metadata endpoints (`app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java`). ### Application Configuration Enhancements: * **`ApplicationProperties`**: Introduced a new `Html` configuration class with nested `UrlSecurity` settings, allowing fine-grained control over URL security, including allowed/blocked domains and internal TLDs (`app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java`). [[1]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R293) [[2]](diffhunk://#diff-1c357db0a3e88cf5bedd4a5852415fadad83b8b3b9eb56e67059d8b9d8b10702R346-R364) * **`settings.yml.template`**: Updated the configuration template to include the new `html.urlSecurity` settings, enabling users to customize SSRF protection behavior (`app/core/src/main/resources/settings.yml.template`). ### HTML Sanitization Updates: * **`CustomHtmlSanitizer`**: Integrated SSRF-safe URL validation into the HTML sanitizer by using the `SsrfProtectionService`. Added a custom policy for validating `img` tags' `src` attributes (`app/common/src/main/java/stirling/software/common/util/CustomHtmlSanitizer.java`). --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: a <a> Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Stirling-PDF
Stirling-PDF is a robust, locally hosted web-based PDF manipulation tool using Docker. It enables you to carry out various operations on PDF files, including splitting, merging, converting, reorganizing, adding images, rotating, compressing, and more. This locally hosted web application has evolved to encompass a comprehensive set of features, addressing all your PDF requirements.
All files and PDFs exist either exclusively on the client side, reside in server memory only during task execution, or temporarily reside in a file solely for the execution of the task. Any file downloaded by the user will have been deleted from the server by that point.
Homepage: https://stirlingpdf.com
All documentation available at https://docs.stirlingpdf.com/
Features
- 50+ PDF Operations
- Parallel file processing and downloads
- Dark mode support
- Custom download options
- Custom 'Pipelines' to run multiple features in a automated queue
- API for integration with external scripts
- Optional Login and Authentication support (see here for documentation)
- Database Backup and Import (see here for documentation)
- Enterprise features like SSO (see here for documentation)
PDF Features
Page Operations
- View and modify PDFs - View multi-page PDFs with custom viewing, sorting, and searching. Plus, on-page edit features like annotating, drawing, and adding text and images. (Using PDF.js with Joxit and Liberation fonts)
- Full interactive GUI for merging/splitting/rotating/moving PDFs and their pages
- Merge multiple PDFs into a single resultant file
- Split PDFs into multiple files at specified page numbers or extract all pages as individual files
- Reorganize PDF pages into different orders
- Rotate PDFs in 90-degree increments
- Remove pages
- Multi-page layout (format PDFs into a multi-paged page)
- Scale page contents size by set percentage
- Adjust contrast
- Crop PDF
- Auto-split PDF (with physically scanned page dividers)
- Extract page(s)
- Convert PDF to a single page
- Overlay PDFs on top of each other
- PDF to a single page
- Split PDF by sections
Conversion Operations
- Convert PDFs to and from images
- Convert any common file to PDF (using LibreOffice)
- Convert PDF to Word/PowerPoint/others (using LibreOffice)
- Convert HTML to PDF
- Convert PDF to XML
- Convert PDF to CSV
- URL to PDF
- Markdown to PDF
Security & Permissions
- Add and remove passwords
- Change/set PDF permissions
- Add watermark(s)
- Certify/sign PDFs
- Sanitize PDFs
- Auto-redact text
Other Operations
- Add/generate/write signatures
- Split by Size or PDF
- Repair PDFs
- Detect and remove blank pages
- Compare two PDFs and show differences in text
- Add images to PDFs
- Compress PDFs to decrease their filesize (using qpdf)
- Extract images from PDF
- Remove images from PDF
- Extract images from scans
- Remove annotations
- Add page numbers
- Auto-rename files by detecting PDF header text
- OCR on PDF (using Tesseract OCR)
- PDF/A conversion (using LibreOffice)
- Edit metadata
- Flatten PDFs
- Get all information on a PDF to view or export as JSON
- Show/detect embedded JavaScript
📖 Get Started
Visit our comprehensive documentation at docs.stirlingpdf.com for:
- Installation guides for all platforms
- Configuration options
- Feature documentation
- API reference
- Security setup
- Enterprise features
Supported Languages
Stirling-PDF currently supports 40 languages!
| Language | Progress |
|---|---|
| Arabic (العربية) (ar_AR) | |
| Azerbaijani (Azərbaycan Dili) (az_AZ) | |
| Basque (Euskara) (eu_ES) | |
| Bulgarian (Български) (bg_BG) | |
| Catalan (Català) (ca_CA) | |
| Croatian (Hrvatski) (hr_HR) | |
| Czech (Česky) (cs_CZ) | |
| Danish (Dansk) (da_DK) | |
| Dutch (Nederlands) (nl_NL) | |
| English (English) (en_GB) | |
| English (US) (en_US) | |
| French (Français) (fr_FR) | |
| German (Deutsch) (de_DE) | |
| Greek (Ελληνικά) (el_GR) | |
| Hindi (हिंदी) (hi_IN) | |
| Hungarian (Magyar) (hu_HU) | |
| Indonesian (Bahasa Indonesia) (id_ID) | |
| Irish (Gaeilge) (ga_IE) | |
| Italian (Italiano) (it_IT) | |
| Japanese (日本語) (ja_JP) | |
| Korean (한국어) (ko_KR) | |
| Norwegian (Norsk) (no_NB) | |
| Persian (فارسی) (fa_IR) | |
| Polish (Polski) (pl_PL) | |
| Portuguese (Português) (pt_PT) | |
| Portuguese Brazilian (Português) (pt_BR) | |
| Romanian (Română) (ro_RO) | |
| Russian (Русский) (ru_RU) | |
| Serbian Latin alphabet (Srpski) (sr_LATN_RS) | |
| Simplified Chinese (简体中文) (zh_CN) | |
| Slovakian (Slovensky) (sk_SK) | |
| Slovenian (Slovenščina) (sl_SI) | |
| Spanish (Español) (es_ES) | |
| Swedish (Svenska) (sv_SE) | |
| Thai (ไทย) (th_TH) | |
| Tibetan (བོད་ཡིག་) (bo_CN) | |
| Traditional Chinese (繁體中文) (zh_TW) | |
| Turkish (Türkçe) (tr_TR) | |
| Ukrainian (Українська) (uk_UA) | |
| Vietnamese (Tiếng Việt) (vi_VN) | |
| Malayalam (മലയാളം) (ml_IN) |
Stirling PDF Enterprise
Stirling PDF offers an Enterprise edition of its software. This is the same great software but with added features, support and comforts. Check out our Enterprise docs
🤝 Looking to contribute?
Join our community: