Hi Dan,

Something I encountered lately when playing around with openhtmltopdf lib. I don't know if this a known (if so sorry for this duplicate ticket) or even an issue. Following scenario example: I am rendering HTML content to a PDF file. In the HTML content there is an image tag, with <img src="https://image-creating.server>". One of the cool feature openhtmltopdf provided, it loads the image and renders the image source into the PDF as well. So far so good. Looking at the image providing server, the source example aforementioned, the server just returns an image as byte[] and shows the image directly under the requested URI.

Now the interesting part, the image providing server is the same server that generates the PDF/Image file using the same HTML content, which also contains the same image mentioned above. With the request the application server runs into a recursive never-ending state:
-> com.openhtmltopdf.load -> com.openhtmltopdf.match -> com.openhtmltopdf.load -> com.openhtmltopdf.match ...

This is happening because the scenario looks like it tries to load image/pdf into image/pdf recursively.

The question is, should openhtmltopdf detects this recursive call and catch with an exception or is this something the service application needs to handle?

hi @h2nguyen , I think it should be handled by the library, as it can be considered a denial of service.

@syjer yes one can solve this with your mentioned approach

I thought about this and I don't think there is any simple way to solve. We allow PDF stamping so even validating images as images would not be enough. Has anyone got any ideas?