Hunting for SSRF in PDF generator
I'm fairly new to bug bounty hunting, though I'm already working in Cyber Security and have found unpaid bugs in the past.
I've been bounty hunting consistently for a few weeks and have come up empty-handed, which has been quite frustrating, as it always feels like I'm SO close to discovering a vuln in a given area but can never quite figure it out. I've been reading about finding SSRF vulns using PDF generators and have been trying to crack one for a few days. It uses Apache FOP; so far as I can tell, it's only supposed to work with XSL-FO, but it's definitely doing something with HTML, as when I submit an incomplete tag, e.g. <iframe src="">, it will add </iframe> onto the end. It seems to filter most content, including scripts and XSL lines that fetch data. However, you can get around these fairly easily by embedding them in a <style> tag. Nonetheless, I've been unable to get it to contact my server or fetch any internal data. Any ideas on how to proceed? Has anyone worked with Apache FOP before, ver 2.3?
Any other general advice for someone new would also be greatly appreciated :)