PhantomJS and security hardening
Use PhantomJS to generate screenshots of pages that you can use in the Sitecore UI and in emails.
Sitecore uses PhantomJS to generate screenshots of pages that you can use in, for example, email messages.
PhantomJS is an external executable (.exe) file that is shipped with Sitecore in the $(dataFolder)\tools\phantomjs folder. Sitecore references this file through a setting named ContentTesting.PhantomJS.ExecutablePath in the App_Config\Include\ContentTesting\Sitecore.ContentTesting.config configuration patch file.
Note
To limit access to the PhantomJS executable file, you should place the data folder outside the webroot folder.
The Windows process that Sitecore runs under requires the Read & execute permission on the executable file. The process also requires Read access to the folder itself to access the other files within the folder.
Because PhantomJS is executed from within Sitecore, it runs with the same permissions that have been set for the process that Sitecore is running under. You should run Sitecore with least privilege – only allow access to files and folders that Sitecore needs access to.
Sitecore passes PhantomJS a script that is generated from the RenderScripts processor in the getScreenShotForURL pipeline. This script instructs PhantomJS to write generated images to a specific folder. The GenerateFilename processor is responsible for generating the path and file name for use in the script.
By default, the output path is $(webroot)\temp\screenshots. The process that Sitecore runs under should already have Read and Write permissions to the temp folder. The output folder location is determined within the pipeline, which you can modify to output the files to a different location.
Note
If the folder that is used for the screenshot files has been changed, you can check the pipeline for the new location.
Because screenshots are used in the UI and emails, it is not necessary to generate them on content delivery servers.
To increase security on the content delivery servers:
Remove the $(dataFolder)\tools\phantomjs folder including the phantomjs.exe executable file.
Disable the getScreenShotForUrl pipeline that launches the PhantomJS process.
To disable the getScreenshotForUrl pipeline, create a patch file that disables it in the Sitecore.ContentTesting.config configuration file.
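A read-only audit of the file-system points above, as an added example that is not part of the Sitecore documentation or product. The parameter names and role values are assumptions made for this script; pass absolute paths for the webroot and the data folder.

```powershell
# Added example: audit a server against the PhantomJS hardening points on this page.
# -WebRoot, -DataFolder and -Role are operator-supplied assumptions, not Sitecore settings.
param(
    [Parameter(Mandatory = $true)] [string] $WebRoot,
    [Parameter(Mandatory = $true)] [string] $DataFolder,
    [ValidateSet('ContentManagement', 'ContentDelivery')]
    [string] $Role = 'ContentDelivery'
)

$findings = New-Object 'System.Collections.Generic.List[string]'

# Normalise both paths so a path such as C:\site\..\site\Data cannot hide nesting.
$web  = [IO.Path]::GetFullPath($WebRoot).TrimEnd('\') + '\'
$data = [IO.Path]::GetFullPath($DataFolder).TrimEnd('\') + '\'

# 1. The data folder (and so phantomjs.exe) should sit outside the webroot.
if ($data.StartsWith($web, [StringComparison]::OrdinalIgnoreCase)) {
    $findings.Add("Data folder $data is inside webroot $web")
}

$toolDir = Join-Path $data 'tools\phantomjs'
$exe     = Join-Path $toolDir 'phantomjs.exe'

if ($Role -eq 'ContentDelivery') {
    # 2. Content delivery servers do not need the tool at all.
    if (Test-Path -LiteralPath $toolDir) {
        $findings.Add("PhantomJS folder still present on content delivery server: $toolDir")
    }
}
elseif (Test-Path -LiteralPath $exe) {
    # 3. Only Read & execute is required on the file; list every identity that
    #    can also write it so the operator can compare against the Sitecore process account.
    $writeData = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    foreach ($ace in (Get-Acl -LiteralPath $exe).Access) {
        $canWrite = ([int]$ace.FileSystemRights -band $writeData) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite) {
            $findings.Add("Review: $($ace.IdentityReference) has write access to $exe")
        }
    }
}
else {
    $findings.Add("phantomjs.exe not found at $exe; check ContentTesting.PhantomJS.ExecutablePath")
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The script only reads paths and ACLs. It does not inspect the configuration, so whether the screenshot pipeline is disabled still has to be confirmed separately.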