I havent seen this fixed yet.
When I make a grid from a table I can create a pdf from it (fairly standard code in scriptcase).
The issue is that the code to create a pdf is generated on the CLIENT side.
Thus I can install tamper data or a similar tool and intercept the client calls to the server. I can clearly see what gets send to the server and thus easily alter it. By properly using tamper data I can hack into any scriptcase created website by simply altering the data. Please fix this…
I dont go into further details on purpose, it requires the apprpropriate skills to get this done.
The solution is stupidly simple, do NOT generate a pdf using client side data but do that via protected (and encrypted) data and via the server side. If I can see that wkhtmltopdf is started on the client side then it is seriourly bad…