HTML To .doc

Hey! I've added the below code to extract the html from a TipTap text editor and let the user generate/download a word .doc file. There isn't a whole lot of documentation on this type of code that i can find. Can anyone see any security issues with this or anything i should be aware of before giving users this functionality? const handleDownloadClick = () => { const htmlContent = editor.getHTML(); const header = <html xmlns:o='urn:schemas-microsoft-com🏢office' xmlns:w='urn:schemas-microsoft-com🏢word' xmlns='http://www.w3.org/TR/REC-html40'> <head> <meta charset='utf-8'> <title>Document</title> <style> body { font-family: 'Calibri', sans-serif; font-size: 11pt; color: #000000; } h1, h2, h3 { font-family: 'Calibri', sans-serif; color: #000000; } </style> </head> <body> ; const footer = </body></html>; const fullContent = header + htmlContent + footer; const blob = new Blob([fullContent], { type: "application/msword;charset=utf-8", }); const link = document.createElement("a"); const url = URL.createObjectURL(blob); link.href = url; link.download = `fileName.doc'; document.body.appendChild(link); link.click(); document.body.removeChild(link); };
1 Reply
Ping
Ping4mo ago
I'm not sure regarding security, maybe the only thing that is risky is the content that is written in the TipTap editor. However the bigger issue may be regarding how well Word accepts and works with the HTML produced by TipTap. Try looking for documentation regarding how Word interpriates HTML, then study how TipTap produces it's HTML, and see if any modification may be required there. Once you think the content is acceptable for word, is when it's probably safe to give your users this functionality.
Want results from more Discord servers?
Add your server