HTML5 generated from FM 2020 showing errors in dev console.

New Here ,
Aug 02, 2021 Aug 02, 2021

Copy link to clipboard

Copied

The HTML5 output that I generated form FM 2020 V16..0.0, when deployed to the dev environemnt is not working. The dev console lists the following errors related to Javascript:

1) Refused to exceute the inline script...

2) Uncaught Eval Error: Refused to evaluate a string as JavaScript

3) Uncaught ReferenceError: gTopicFrameName is not defined

 

I am new to FM and HTML, please help me understand and resolve this issue.

 

Thanks

 

Moving from Using the Community (which is about the forums) to the correct forum... Mod
To ask in the forum for your program please start at https://community.adobe.com/

Views

130

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Adobe Community Professional , Aug 09, 2021 Aug 09, 2021
Alright, so the Responsive HTML generates without error from Fm, but your deployed content is getting flagged by the systems needing context-sensitive help. You can try: Getting your output approved by the security team (their settings are causing the issue) Producing MS HTML Help (CHM) from Fm (might remove the JS from output) Submitting a feature request at tracker.adobe.com to allow removal of the JS (slow to happen, may require significant effort by Adobe, for something not widely repo...

Likes

Translate

Translate
Adobe Community Professional ,
Aug 02, 2021 Aug 02, 2021

Copy link to clipboard

Copied

First things first: Please update to 16.0.2.916 to see if the issue remains.

-Matt

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 09, 2021 Aug 09, 2021

Copy link to clipboard

Copied

Thanks Matt. I did take update to the latest buid, however, it did not solve the problem.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Aug 09, 2021 Aug 09, 2021

Copy link to clipboard

Copied

To clarify, when using 16.0.2, you are getting console messages related to inline scripts, JavaScript, and gTopicFrameName, yes?

  • You mention deploying to the dev environment; is there information here that pertains to the issue?
  • Have you tried exporting any of the files found under Help>Samples to confirm that the issue is with Fm, and not your content?
  • Are you running any plugins, scripts, or customizations that are not part of the Fm base install?
  • Do formats other than HTML5 publish properly?
  • Have you tried creating a new layout in the Publish panel Options (under Publish>Change Settings>Edit>Outputs>RHTML5>General>Manage Layout>New)?

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 09, 2021 Aug 09, 2021

Copy link to clipboard

Copied

Hi Matt,

The problem is not with generating/publishing the HTML output. I do not have a strong technical knowledge but will try to explain the problem with more context:  

  • When the help files are deployed on the applicaion, some of the scripts from htm files are flagged as violating the Content Security Policy.
  • As per the security team these vulnearabilities are being caused by the java scripts ("script-src 'self'..) present in the HTML output generated through FrameMaker. 
  • In some other authoring tools, we get the option to exclude JavaScript form Context Sensitive Help, but i did not find any such option in FrameMaker.

How can we reduce the cross-site scripting vulnerabilities from HTML generated through FrameMaker?

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Aug 09, 2021 Aug 09, 2021

Copy link to clipboard

Copied

Alright, so the Responsive HTML generates without error from Fm, but your deployed content is getting flagged by the systems needing context-sensitive help.

 

You can try:

  • Getting your output approved by the security team (their settings are causing the issue)
  • Producing MS HTML Help (CHM) from Fm (might remove the JS from output)
  • Submitting a feature request at tracker.adobe.com to allow removal of the JS (slow to happen, may require significant effort by Adobe, for something not widely reported here)
  • Linking your Fm content into a RoboHelp project to explore other options/formats
  • Try other layouts available within Fm (low probability of success, IMO)

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 10, 2021 Aug 10, 2021

Copy link to clipboard

Copied

Thank you for providing prompt responses.

I have communicated these suggestion to my team and they are now panning to get exemptions on the flagged items. Though, this works for now may not be an ideal solution. The only option left in that case could be switching to some other tool to generate responsive html output.

If there could be a quick fix to allow safe execution of the JavaScripts that are getting flagged currently, then it would be great.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Aug 09, 2021 Aug 09, 2021

Copy link to clipboard

Copied

Pretty sure that all HTML5 output produced from FM and RH has JS in it - even the new snazzy Frameless output in RH just does away with iFrames, but not JavaScript, AFAIK.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Aug 10, 2021 Aug 10, 2021

Copy link to clipboard

Copied

LATEST

I'm sure there's nothing in the JS that the HTML5 output contains that isn't secure, but you're welcome to chat with the FM folks about it - see https://helpx.adobe.com/contact/enterprise-support.other.html#framemaker for your Adobe Support options. I'd recommend using the tcssup@adobe.com e-mail address as it reaches a team dedicated to Technical Communication Suite products including FrameMaker.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines