From e17481ae99c375a2d724140e4d65c76972f975c7 Mon Sep 17 00:00:00 2001
From: Amit Singh <amitsingh@adobe.com>
Date: Wed, 17 Jul 2024 00:06:14 +0530
Subject: [PATCH] Added documentation for security restriction added in
 html2pdf operation

---
 src/pages/overview/pdf-services-api/howtos/create-pdf.md | 4 ++++
 src/pages/resources/openapi.json                         | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/pages/overview/pdf-services-api/howtos/create-pdf.md b/src/pages/overview/pdf-services-api/howtos/create-pdf.md
index 1035248c6..71e1f2112 100644
--- a/src/pages/overview/pdf-services-api/howtos/create-pdf.md
+++ b/src/pages/overview/pdf-services-api/howtos/create-pdf.md
@@ -30,6 +30,10 @@ following formats:
 If a Microsoft Word/PowerPoint input file has an embedded TrueType font, the output pdf will also contain the same embedded TrueType font.
 For more information, refer [Benefits of embedding custom fonts](https://support.microsoft.com/en-us/office/benefits-of-embedding-custom-fonts-cb3982aa-ea76-4323-b008-86670f222dbc#OfficeVersion=Windows).
 
+<InlineAlert slots="text"/>
+
+We are implementing a new security validation that will impose restrictions on the conversion requests in which:<br/>1. URL Scheme is not HTTPs.<br/>2. Hostname resolves to non-routable IP Address (Private/Local/Link local, etc). This will also include cases which will include redirects with non-routable IP addresses.
+
 Please refer the [API usage guide](../api-usage.md) to understand how to use our APIs.
 
 <CodeBlock slots="heading, code" repeat="5" languages="Java, .NET, Node JS, Python, REST API" /> 
diff --git a/src/pages/resources/openapi.json b/src/pages/resources/openapi.json
index 622035ae0..23056ec38 100644
--- a/src/pages/resources/openapi.json
+++ b/src/pages/resources/openapi.json
@@ -2079,7 +2079,7 @@
           "Html to PDF"
         ],
         "summary": "Convert HTML Resources to a PDF File",
-        "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\<script src='./json.js' type='text/javascript'>\\</script>. You can also provide the URL of the HTML page in inputUrl parameter. <b>However, creating PDF from URL is not supported in External Storage flow.</b>",
+        "description": "Creates PDFs from static/dynamic HTML or HTML(with inline CSS) or just a URL. It's a common scenario for enterprise to provide end users with a HTML template with form fields. In case of dynamic HTML this API allows you to capture the users unique data entries and then save it as PDF. Collected data is stored in a JSON file, and the source HTML file must include \\<script src='./json.js' type='text/javascript'>\\</script>. You can also provide the URL of the HTML page in inputUrl parameter. <b>However, creating PDF from URL is not supported in External Storage flow.</b><br><b>We do not support the following conditions:</b><br>1. URL Scheme is not HTTPs.<br>2. Hostname resolves to non-routable IP Address (Private/Local/Link local, etc).This will also include cases which will include redirects with non-routable IP addresses.<br>",
         "operationId": "pdfoperations.htmltopdf",
         "parameters": [
           {