Sandboxing – Secure Code Execution – C#

C# Sandbox

C# sandbox is a restricted environment where code runs with limited permissions, resources, and privileges. The main purpose of using a sandbox is to isolate potentially untrusted or unsafe code, limiting the potential damage it can cause in case of a security vulnerability or malicious behavior.

A sandbox environment helps mitigate security risks and ensure safe code execution:

This article explores the concept of C# sandbox and demonstrates its application in achieving secure code execution using Aspose.HTML. We will focus on examining the Security property of the Configuration class that Aspose.HTML for .NET provides for detecting and responding to potential security threats in C# applications.

Sandbox Environment

Code Security – Blocks Script Execution

In a sandbox, you can ensure code security by isolating potentially untrusted elements from the rest of your application, protecting the entire application from vulnerabilities. A sandboxing flag set is a set of zero or more of the flags, which are used to restrict the abilities of potentially untrusted resources. The sandbox attribute allows you to set a number of restrictions on the content loaded in the frame, for example, block forms and scripts. This improves the code security of the current document, especially when a document is loaded from an unverified source.

The following C# example shows how to mark scripts as an untrusted resource and disable them for HTML to PDF conversion:

  1. Initialize an instance of the Configuration class.
  2. Set the sandbox flag of the configuration instance to include the Sandbox.Scripts value. This marks scripts as untrusted resources within the sandbox environment. This step is crucial as scripts pose a potential risk in executing malicious code.
  3. Create an instance of the HTMLDocument class using HTMLDocument(address, configuration) constructor that takes the HTML file path and the configuration instance.
  4. Call the ConvertHTML(document, options, outputPath) method to Convert HTML to PDF.
 1using System.IO;
 2using Aspose.Html;
 3using Aspose.Html.Converters;
 4using Aspose.Html.Saving;
 6    // Create an instance of the Configuration class
 7    using (var configuration = new Configuration())
 8    {
 9        // Mark "scripts" as an untrusted resource
10        configuration.Security |= Sandbox.Scripts;
12        // Initialize an HTML document with specified configuration
13        using (var document = new HTMLDocument(Path.Combine(DataDir, "document-with-scripts.html"), configuration))
14        {
15            // Convert HTML to PDF
16            Converter.ConvertHTML(document, new PdfSaveOptions(), Path.Combine(OutputDir, "document-sandbox.pdf"));
17        }
18    }

By setting a security flag to enable Sandbox.Scripts, the Aspose.HTML for .NET library ensures that scripts in an HTML document are not executed, helping to improve security and mitigate the potential risks associated with untrusted scripts.

How to Disable Image Loading

Consider an example where a sandbox is used to disable the loading of images when executing HTML code:

  1. Prepare HTML code and save it to a file. The HTML code contains a <span> element with an inline style that sets a background image from the URL.
  2. Sandbox Setup. Create a new instance of the Configuration class and set the Security property of the configuration instance with the Sandbox.Images flag. This indicates that the Images resource should be considered untrusted in the sandbox environment. By marking images as untrusted resources, access to potentially malicious image sources is restricted.
  3. Initialize the HTML document with the specified configuration.
  4. Call the ConvertHTML(document, options, outputPath) method to convert the HTML document to a PDF file.
 1using System.IO;
 2using Aspose.Html;
 3using Aspose.Html.Converters;
 4using Aspose.Html.Saving;
 6    // Prepare HTML code and save it to a file
 7    var code = "<span style=\"background-image:url('')\">Hello World!!</span> " +
 8               "<script>document.write('Have a nice day!');</script>";
10    File.WriteAllText(Path.Combine(OutputDir, "sandboxing.html"), code);
12    // Create an instance of Configuration
13    using (var configuration = new Configuration())
14    {
15        // Mark 'Images' as an untrusted resource
16        configuration.Security |= Sandbox.Images;
18        // Initialize an HTML document with specified configuration
19        using (var document = new HTMLDocument(Path.Combine(OutputDir, "sandboxing.html"), configuration))
20        {
21            // Convert HTML to PDF
22            Converter.ConvertHTML(document, new PdfSaveOptions(), Path.Combine(OutputDir, "sandboxing-out.pdf"));
23        }
24    }

The above C# example demonstrates the process of sandboxing HTML code, marking specific resources – in this case, images – as untrusted within the sandbox environment and then converting HTML to a PDF format with disabled image loading.

Sandboxing Flags

In the world of software development, security is a prime concern. Sandboxing involves creating a secure environment where untrusted code can run without compromising the system’s integrity. C# sandbox helps developers reduce code security risks by protecting applications from potential vulnerabilities. Aspose.HTML C# library offers several sandboxing flags, each presenting different cases of isolation and security. Here are some sandbox flags:

NoneIf a sandbox flag is not set, then every sandbox function is accepted.
NavigationThe flag prevents content from navigating browsing contexts other than the sandboxed browsing context itself (or browsing contexts further nested inside it), auxiliary browsing contexts, and the top-level browsing context.
PluginsThe flag prevents content from instantiating plugins, whether using the embed element, the object element, the applet element, or through the navigation of a nested browsing context unless those plugins can be secured.
OriginThe flag forces content into a unique origin, thus preventing it from accessing other content from the same origin.
FormsThe flag blocks form submission.
ScriptsThe flag blocks script execution.
ImagesThe flag disables image loading.

You can download the complete examples and data files from GitHub.

Subscribe to Aspose Product Updates

Get monthly newsletters & offers directly delivered to your mailbox.