html2pdf
by jesamkim
Overview
Converts HTML content or files to PDF using a headless browser (Puppeteer) with various formatting options.
Installation
node dist/index.jsEnvironment Variables
- PUPPETEER_SKIP_CHROMIUM_DOWNLOAD
- PUPPETEER_EXECUTABLE_PATH
Security Notes
CRITICAL VULNERABILITIES: The server allows path traversal for both input HTML files (`htmlPath`) and output PDF files (`outputPath`). A malicious actor can provide arbitrary file paths, potentially leading to unauthorized reading of sensitive local files via `file://` URLs (`fs.access` only checks existence, not content/permissions for sensitive files) and writing PDFs to arbitrary locations on the server's filesystem, which could overwrite critical system files or exhaust disk space. The `htmlContent`, `headerTemplate`, and `footerTemplate` parameters also accept raw HTML, which could embed malicious JavaScript if the generated PDF is viewed in an insecure context, though the immediate impact is contained within the PDF. Running Puppeteer with `--no-sandbox` (common in Docker) further reduces isolation, making these path traversal vulnerabilities more critical if the server is run as root or with elevated privileges.
Similar Servers
fetcher-mcp
Fetch web page content using a Playwright headless browser, capable of handling dynamic JavaScript, intelligent content extraction, and parallel URL processing.
blueprint-mcp
Enables AI agents to control and automate a user's real browser session (Chrome, Firefox, Opera) for tasks like web scraping, form filling, and general web interaction, preserving user context like logins and extensions.
mcp-file-preview
This server provides capabilities to preview local HTML files by capturing full-page screenshots and analyzing their structural content.
mcp-server-puppeteer
A Zed editor extension that provides Model Context Protocol (MCP) server capabilities using Puppeteer for browser automation and content extraction.