I have a class named eHelpDhtm.js, which is dynamically generated by RoboHelp and I can't modify this file.
If I will modify these file contents then next time when this tool will run then changes will be overwritten.
My issue is :
when I am scanning my whole project through checkmark, I am seeing vulnerability related to DOM XSS attack.
Below is my code snippet:
function PopupMenu_InvokeReady()
{
if (gbWndPopupLinks != null) {
gbWndPopupLinks.document.open("text/html");
gbWndPopupLinks.document.write("<html><head>");
if (gbBsNS2) {
gbWndPopupLinks.document.write("<base href=\"" + location +"\">");
}
return true;
}
Here the faulty line of code is:
gbWndPopupLinks.document.write("<base href=\"" + location +"\">");
I want to change it like below through RoboHelp:
gbWndPopupLinks.document.write("<base href=\"" + HttpUtility.HtmlEncode(location) +"\">");
If RoboHelp will generate above changes then my issue will be resolved.
Can anyone please help me ?