Security: bt1142msstate/HTMLConverter

Security Policy

Supported Versions

Currently supported versions of HTMLConverter:

Version Supported
1.0.x

Reporting a Vulnerability

If you discover a security vulnerability in HTMLConverter, please report it responsibly:

How to Report

  1. Do NOT open a public issue for security vulnerabilities
  2. Email: Send details to the repository owner via GitHub
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

What to Expect

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 1 week
  • Resolution Timeline: Varies by severity
  • Credit: Security researchers will be credited (unless they prefer anonymity)

Security Considerations

File Processing

  • HTMLConverter processes local HTML files using WebView2
  • Files are temporarily extracted from ZIP archives to the system temp folder
  • Temporary files are handled by the OS cleanup routines

WebView2 Security

  • Uses Microsoft Edge WebView2 runtime
  • Inherits security features from Edge browser
  • JavaScript execution is limited to rendering scope
  • No network requests are made during conversion

Permissions

  • The app requires file system access to read input files and write PDFs
  • No elevated privileges required
  • No network access required

Best Practices for Users

  • Only convert HTML files from trusted sources
  • Review HTML content before conversion if from unknown sources
  • Keep Windows and WebView2 runtime updated
  • Run the app with standard user privileges (no admin needed)

Third-Party Dependencies

HTMLConverter relies on:

  • Microsoft WebView2: Updated through Windows Update
  • Windows App SDK: Included in the application package
  • .NET Runtime: Included in self-contained deployment

Keep your Windows system updated to ensure all components have the latest security patches.