@plotdb/pageshot
Changelog
v1.0.0
lderror instead of ldError
Readme
A simple express server and APIs powered by puppeteer for the following purposes:
Puppeteer runs a headless browser that can access content within the intranet, so the server might be vulnerable to SSRF exploits. To accept arbitrary user input, run the pageshot server in a container with proper network configuration.
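One way to screen a `url` payload before it reaches the headless browser, shown as an added example that is not part of @plotdb/pageshot. The names `isInternalAddress`, `checkTarget` and `vetUrl` are hypothetical, and the blocked ranges are an assumed baseline rather than a complete list.

```javascript
// Added example, not part of @plotdb/pageshot; all names are hypothetical.
// Common internal IPv4 ranges (not exhaustive): "this network", RFC 1918,
// CGNAT, loopback and link-local (which includes cloud metadata endpoints).
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];
const IPV4 = /^\d+\.\d+\.\d+\.\d+$/;
const v4ToInt = (ip) => ip.split(".").reduce((n, o) => n * 256 + Number(o), 0);

function isInternalAddress(ip) {
  const addr = ip.toLowerCase();
  if (IPV4.test(addr)) {
    const n = v4ToInt(addr);
    return BLOCKED_V4.some(([base, bits]) => {
      const size = 2 ** (32 - bits);
      return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
    });
  }
  // IPv6: unspecified, loopback, unique-local fc00::/7, link-local fe80::/10.
  // IPv4-mapped (::ffff:...) addresses are refused outright, to stay conservative.
  return addr === "::" || addr === "::1" || addr.startsWith("::ffff:") ||
    /^f[cd][0-9a-f]{2}:/.test(addr) || /^fe[89ab][0-9a-f]:/.test(addr);
}

// Returns { ok, reason }. `resolved` holds the addresses DNS returned for the
// hostname; it is ignored when the URL already contains an IP literal.
function checkTarget(rawUrl, resolved = []) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: "unparseable url" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:")
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  const addrs = IPV4.test(host) || host.includes(":") ? [host] : resolved;
  if (addrs.length === 0) return { ok: false, reason: "host did not resolve" };
  const bad = addrs.find((a) => isInternalAddress(a));
  return bad ? { ok: false, reason: `internal address ${bad}` } : { ok: true, reason: "" };
}

// Resolves the hostname, then requires every returned address to pass.
async function vetUrl(rawUrl) {
  const { lookup } = await import("node:dns/promises");
  let host;
  try { host = new URL(rawUrl).hostname; } catch { return checkTarget(rawUrl); }
  const found = await lookup(host, { all: true }).catch(() => []);
  return checkTarget(rawUrl, found.map((a) => a.address));
}
```

A pass here only vets the top-level URL: redirects, subresources and `html` payloads are still fetched by the browser itself, so the container network restrictions recommended above remain necessary.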
install:
npm install --save @plotdb/pageshot
run api server:
npx pageshot -p <port>
This starts a screenshot server listening on the specified port.
To take a screenshot, send a POST request to <domain>/api/screenshot with a payload in the format below:
{ url: "url-to-screenshot"}
or
{ html: "code-to-render" }
For example:
payload = {url: "https://google.com"}
# POST the payload to the screenshot endpoint, then show the returned png
ld$.fetch "http://localhost:9010/api/screenshot", {method: \POST}, {json: payload}
  .then -> it.arrayBuffer!
  .then -> URL.createObjectURL(new Blob([new Uint8Array(it, 0, it.length)], {type: "image/png"}))
  .then (url) ->
    img = new Image!
    img.src = url
There are 3 APIs currently available:
/api/screenshot - takes a screenshot in png format.
/api/print - takes a screenshot in pdf format. Input is similar to /api/screenshot.
/api/merge - merges multiple documents into one pdf. Payload format:
  list: a list of documents to merge. Each is an object with the following format:
    html: html code to print and merge.
    url: url for the web page to print and merge. Omitted when html is available.
    pdffile: file path for a pdf file to merge.
    pdflink: url for a pdf file to merge.
pdffile and pdflink only work in the nodeJS API when calling with trust-input set to true. See API.
@plotdb/pageshot also provides a JS API as a counterpart to the HTTP API. To use the JS API, first init a pageshot page manager:
require! <[pageshot]>
ss = new pageshot( opt )
options:
screenshot object API:
payload: as described in the previous section.
trustInput: default false. When set to true, the pdffile and pdflink options are enabled.
Sample usage:
require! <[fs]>
lc = {}
ps = new pageshot!
ps.init!
  # take a screenshot of google.com through ps.screenshot API
  .then -> ps.screenshot url: "https://google.com"
  .then -> fs.write-file-sync "out.png", it
  # ... or, manually operate the page instance
  .then -> ps.get!
  .then (obj) ->
    lc.obj = obj
    # either one of following
    # obj.page.setContent html, {waitUntil: "domcontentloaded"}
    # obj.page.goto url
  .then -> lc.obj.page.screenshot!
  .then -> ps.free lc.obj
PDF merging is provided by easy-pdf-merge, which in turn depends on a related java package. Java is needed for this functionality, and can be installed via the following commands:
wget -qO - https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public | sudo apt-key add -
sudo apt-get install software-properties-common
sudo add-apt-repository --yes https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/
sudo apt-get update && sudo apt-get install adoptopenjdk-8-hotspot
When generating documents with CJK characters, you may want to install related fonts in your system:
sudo apt-get install fonts-noto-cjk
MIT
FAQs
a simple server accepting request to take website screenshot in png / pdf formats
The npm package @plotdb/pageshot receives a total of 3 weekly downloads. As such, @plotdb/pageshot popularity was classified as not popular.
We found that @plotdb/pageshot demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.