Render local resources in converting PDF by --allow-local-files option

[yhatt]

This PR will support rendering local resources in converting PDF by added --allow-local-files option. See yhatt/marp#242.

marp slide.md --pdf --allow-local-files

So far, we have rendered the converted HTML through data URI while converting into PDF. It is secure and less file I/O, but cannot access to file:/// scheme resources.

By enabling this option, we will create a temporally HTML file and use to render. It has file:/// scheme and can access to local files by reason of Same-Origin Policy.

To resolve relative path in Markdown, we will add <base> element to template while converting PDF.

Example

<!-- inline + relative path -->
![](marp.png)

<!-- background + absolute path -->
![bg right](/Users/yuki.hattori/yhatt.png)

--pdf	--pdf --allow-local-files
(empty slide)	Render local resources correctly

⚠️ Security

For security reason, local file access is disabled by default. You have to specify option explicitly if you want to use local resources. You would see a warning on CLI when using the option.

You should never use --allow-local-files if you want to use marp-cli for purpose of server-side rendering. The exploited Markdown could access/leak unexpected server files.

Especially --html --allow-local-files on a server is a nightmare!!

😈 Worst case

# Don't try this at server.
echo '<iframe src="/etc/passwd"></iframe>' | marp -o DANGER.pdf --html --allow-local-files

An execution confirmed by user is OK at all (e.g. execute in your local terminal).