Copy link to clipboard
Copied
Hey,
we currently face the following problem. We want to serve our documentation (frameless or HTML5 export of Robohelp 2020.8) as a web page next to our application. However, browsers do display the content but do NOT display the menu part (left hand side) or upper part of the documentation.
The browser (e.g. Edge) complains about inline scripts in the export HTM-files. Is there ANY way to generate security-compliant HTM files NOT containing any inline script?
Example of the index.html: the following part seems not to be accepted by the browser:
<script type="text/javascript">//<![CDATA[
gRootRelPath = ".";
gCommonRootRelPath = ".";
//]]></script>
Cheers Volker
Hey,
Cheers Volker
This is an issue for us as well. All of the inline java scripts are causing content security policy threat warnings. In order for the project documents to be useable, the content security policy needs to allow "unsafe-inline scripts", but that is a security concern that gets flagged when our application is scanned for vulnerabilities.
Copy link to clipboard
Copied
Copy link to clipboard
Copied
I think you'll have to contact support for this one. The email address is recommended as it goes to a dedicated Robohelp team: https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp
Copy link to clipboard
Copied
A normal output from RoboHelp will display with the issue you are reporting. See RoboHelp Tour Introduction (grainge.org) on my site.
You must have something in your content that is causing that problem. Generate an output from the About RoboHelp sample project and you will not see that problem. Search your source files for part of the above such as gRootRelPath. See what that finds.
________________________________________________________
My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.
Copy link to clipboard
Copied
Hey Thanks for the reply: however, the example project export contains the same problematic inline scripts... cheers Volker
Copy link to clipboard
Copied
Then the problem is at your end as those projects are squeaky clean and the script is not causing anyone else a problem.
________________________________________________________
My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.
Copy link to clipboard
Copied
I was thinking that they might be running in to cross site scripting security features because of the "as a web page next to our application" hence my suggestion to contact support, as that code is automatically put in the output as part of the generation process.
I've done some more searching and I think it's this security feature on Volker's web server:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
I think that setting would need to be changed but might not be possible or at least not easy depending on corporate security policies. So contacting support might still be the best option.
Copy link to clipboard
Copied
More your area than mine. That script is indeed in the topics in the RoboHelp Tour but there it is not causing a problem. That further supports your theory.
I notice @volkerr24776593 says
However, browsers do display the content but do NOT display the menu part (left hand side) or upper part of the documentation.
@Amebr Does that suggest something wrong with the call and could that be related? I don't know but wonder if you do?
________________________________________________________
My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.
Copy link to clipboard
Copied
It is possible the help call is the problem. But the variables relate to file paths, so if they aren't being set, then it's possible various parts of the page aren't referenced properly so aren't being loaded.
I'm not familiar enough with how the new ui output is structured or any help call changes to offer advice about that.
Copy link to clipboard
Copied
The required help call will probably be different between Responsive and Frameless as well, I think.
Copy link to clipboard
Copied
Hey Thanks for your replies. The menu actually renders correctly if I open the same files from the file system.
furthermore, generating the html5 export of the robohelp sample project still contains these inline scripts edge is complaining about... I guess I need to deep dive into CSP with one of our developers...
Copy link to clipboard
Copied
Actually, inline scripts are security risks, however adobe does not seem to care about this. So our approach to host the exported help pages is to set up a separate ngnix server below a separate path with a CSP directive to tell the browser to actually accept inline scripts...
Copy link to clipboard
Copied
OK but it doesn't seem to be an issue for anyone else. That's not to disagree but it is something you will need to take up with Adobe.
________________________________________________________
My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.
Copy link to clipboard
Copied
This is an issue for us as well. All of the inline java scripts are causing content security policy threat warnings. In order for the project documents to be useable, the content security policy needs to allow "unsafe-inline scripts", but that is a security concern that gets flagged when our application is scanned for vulnerabilities.
Copy link to clipboard
Copied
Hey,
Cheers Volker