Skip to main content
V
volkerr24776593
Participating Frequently
September 12, 2022
Answered

HTML5 or Frameless export contain inline script -> browsers do not show menu

  • September 12, 2022
  • 5 replies
  • 735 views

Hey,

we currently face the following problem. We want to serve our documentation (frameless or HTML5 export of Robohelp 2020.8) as a web page next to our application. However, browsers do display the content but do NOT display the menu part (left hand side) or upper part of the documentation.

 

The browser (e.g. Edge) complains about inline scripts in the export HTM-files. Is there ANY way to generate security-compliant HTM files NOT containing any inline script?

 

Example of the index.html: the following part seems not to be accepted by the browser:

<script type="text/javascript">//<![CDATA[

gRootRelPath = ".";
gCommonRootRelPath = ".";
//]]></script>

 

Cheers Volker

This topic has been closed for replies.
Correct answer OCIE26080753zp6w

OK but it doesn't seem to be an issue for anyone else. That's not to disagree but it is something you will need to take up with Adobe.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 


This is an issue for us as well. All of the inline java scripts are causing content security policy threat warnings. In order for the project documents to be useable, the content security policy needs to allow "unsafe-inline scripts", but that is a security concern that gets flagged when our application is scanned for vulnerabilities.

 

5 replies

V
volkerr24776593Author
Participating Frequently
September 14, 2022

Hey,

solution is for a kubernetes environment hosting the HTML/Framless export
Do NOT do this inside an Angular development under "/assert/xxx"
What to do
  • setup a separate ngnix-image under "/documentation" hosting the Adobe export
  • Define approvate CSP-Header (most likely: allow any inline script for that documentation content under /documentation

 

Cheers Volker

A
Community Expert
AmebrCommunity Expert
Community Expert
September 13, 2022

I was thinking that they might be running in to cross site scripting security features because of the "as a web page next to our application" hence my suggestion to contact support, as that code is automatically put in the output as part of the generation process.

 

I've done some more searching and I think it's this security feature on Volker's web server:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

 

I think that setting would need to be changed but might not be possible or at least not easy depending on corporate security policies. So contacting support might still be the best option.

Peter Grainge
Community Expert
Peter GraingeCommunity Expert
Community Expert
September 13, 2022

More your area than mine. That script is indeed in the topics in the RoboHelp Tour but there it is not causing a problem. That further supports your theory.

 

I notice @volkerr24776593 says 

However, browsers do display the content but do NOT display the menu part (left hand side) or upper part of the documentation.

 

@Amebr Does that suggest something wrong with the call and could that be related? I don't know but wonder if you do?

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

Use the menu (bottom right) to mark the Best Answer or Highlight particularly useful replies. Found the answer elsewhere? Share it here.
A
Community Expert
AmebrCommunity Expert
Community Expert
September 13, 2022

It is possible the help call is the problem. But the variables relate to file paths, so if they aren't being set, then it's possible various parts of the page aren't referenced properly so aren't being loaded.

 

I'm not familiar enough with how the new ui output is structured or any help call changes to offer advice about that. 

Peter Grainge
Community Expert
Peter GraingeCommunity Expert
Community Expert
September 13, 2022

A normal output from RoboHelp will display with the issue you are reporting. See RoboHelp Tour Introduction (grainge.org) on my site.

 

You must have something in your content that is causing that problem. Generate an output from the About RoboHelp sample project and you will not see that problem. Search your source files for part of the above such as gRootRelPath. See what that finds.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

 

Use the menu (bottom right) to mark the Best Answer or Highlight particularly useful replies. Found the answer elsewhere? Share it here.
V
volkerr24776593Author
Participating Frequently
September 13, 2022

Hey Thanks for the reply: however, the example project export contains the same problematic inline scripts... cheers Volker 

Peter Grainge
Community Expert
Peter GraingeCommunity Expert
Community Expert
September 13, 2022

Then the problem is at your end as those projects are squeaky clean and the script is not causing anyone else a problem.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

Use the menu (bottom right) to mark the Best Answer or Highlight particularly useful replies. Found the answer elsewhere? Share it here.
A
Community Expert
AmebrCommunity Expert
Community Expert
September 12, 2022

I think you'll have to contact support for this one. The email address is recommended as it goes to a dedicated Robohelp team: https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp

V
volkerr24776593Author
Participating Frequently
September 12, 2022

Here is a screenshot of the console

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices