Cross-scripting errors in WebHelp output (RoboHelp 2015)

New Here, Jun 28, 2016

After running a security scan of the product, the application developers reported DOM cross-scripting errors resulting from the online help. This is what the scan turned up:

DOM XSS Issue in the following files:
• Whstart.js -> document.location=document.location;
• whtbar.js -> top.location = strURL;
• whtopic.js -> window.location = strUrl
• whtopic_nc.js -> window.location = strMainPage.substring(0, indx+1) + "whcsh_home.htm#topicurl=" + strMainPage.substring(indx+1);

And also an open redirect issue in the following file:

whtbar.js -> top.location = strURL;

I am generating WebHelp using RoboHelp 2015 (version 12.0.2.384).

I was under the impression that the cross-site scripting errors existed in earlier versions of RoboHelp (8 and 9) and had been corrected in subsequent releases. My search of the RoboHelp forums did turn up a more recent post about similar issues with Responsive HTML 5 output, but that's not the output format I'm using.

Has anyone else recently experienced these errors in WebHelp? Does Adobe have a fix for this issue?

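The lines flagged in the post above all assign a string to a `location` property. One way to guard such a sink is shown below as an added example; it is not RoboHelp code or an Adobe fix. `safeHelpTarget`, `navigateTop` and the `docs.example.com` base URL are hypothetical, and the example assumes all help topics live under the directory of the help start page.

```javascript
// Added example, not RoboHelp code. Names and the base URL are hypothetical.
const HELP_BASE = "https://docs.example.com/help/index.htm"; // constructed sample

// Resolve a candidate target against the help base and return the
// normalized URL only if it stays inside the help directory on the
// same origin. Returns null for anything else.
function safeHelpTarget(candidate, baseHref) {
  if (typeof candidate !== "string" || candidate === "") return null;

  let base, target;
  try {
    base = new URL(baseHref);
    // The URL parser applies the same normalization a browser would:
    // it strips tabs/newlines, treats "\" as "/" for http(s), and
    // collapses ".." segments, so the checks below see the real target.
    target = new URL(candidate, base);
  } catch (e) {
    return null; // unparseable input is never navigated to
  }

  // Blocks javascript:, data:, vbscript: and other non-web schemes.
  if (target.protocol !== "http:" && target.protocol !== "https:") return null;

  // Blocks absolute and scheme-relative URLs that point off-site.
  if (target.origin !== base.origin) return null;

  // Blocks path traversal out of the help directory.
  const helpDir = base.pathname.slice(0, base.pathname.lastIndexOf("/") + 1);
  if (!target.pathname.startsWith(helpDir)) return null;

  // Return the parsed form so the value navigated to is the value checked.
  return target.href;
}

// Guarded replacement for a sink such as `top.location = strURL;`.
// `win` is the window object (passed in so the function is testable).
function navigateTop(win, strURL) {
  const safe = safeHelpTarget(strURL, win.location.href);
  if (safe === null) return false; // refuse instead of redirecting
  win.top.location = safe;
  return true;
}
```

In a generated help file the call would be `navigateTop(window, strURL)` in place of the direct assignment; edits to generated scripts are overwritten on the next build unless they are reapplied.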
LEGEND, Jun 28, 2016

Are you claiming these are errors that need addressing or possible security issues?

I've seen reports in the past where folks were wringing their hands because their IT or other folks were saying there were security threats from these cross-scripting issues. And to be honest, I've never once ever in my 20+ years of using the product heard of anyone actually successfully exploiting things. But I do understand it's a concern.

Personally, I'd file a bug on it or contact Adobe Support directly and see what they may say about it.

Cheers... Rick

New Here, Jun 28, 2016

Sorry, perhaps "error" was the wrong word. The security scan flagged these issues and the application developers want us to correct them.

I'm hoping someone from Adobe might chime in here, but I will also try the other channels you suggest.
