html2pdf
by jesamkim
Overview
Converts HTML content or files to PDF using a headless browser (Puppeteer) with various formatting options.
Installation
node dist/index.js
Environment Variables
- PUPPETEER_SKIP_CHROMIUM_DOWNLOAD
- PUPPETEER_EXECUTABLE_PATH
Security Notes
CRITICAL VULNERABILITIES: The server allows path traversal for both input HTML files (`htmlPath`) and output PDF files (`outputPath`). A malicious actor can provide arbitrary file paths. This can lead to unauthorized reading of sensitive local files via `file://` URLs (`fs.access` only checks existence, not content or permissions for sensitive files) and to writing PDFs to arbitrary locations on the server's filesystem, which could overwrite critical system files or exhaust disk space. The `htmlContent`, `headerTemplate`, and `footerTemplate` parameters also accept raw HTML, which could embed malicious JavaScript if the generated PDF is viewed in an insecure context, though the immediate impact is contained within the PDF. Running Puppeteer with `--no-sandbox` (common in Docker) further reduces isolation, making these path traversal vulnerabilities more critical if the server is run as root or with elevated privileges.
Similar Servers
fetcher-mcp
This MCP server is designed for fetching web page content using a Playwright headless browser, enabling intelligent content extraction, JavaScript execution, and flexible output formats.
blueprint-mcp
Enable AI assistants and coding agents to control and automate real web browsers (Chrome, Firefox, Opera) through a browser extension, maintaining logged-in sessions and avoiding bot detection.
mcp-file-preview
This server provides capabilities to preview local HTML files by capturing full-page screenshots and analyzing their structural content.
html-to-markdown-mcp
Converts HTML content from web pages or raw strings into Markdown format, with options for including metadata, truncating content, and saving to files.