• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers

HTML5 or Frameless export contain inline script -> browsers do not show menu

Community Beginner ,
Sep 12, 2022 Sep 12, 2022

Copy link to clipboard

Copied

Hey,

we currently face the following problem. We want to serve our documentation (frameless or HTML5 export of Robohelp 2020.8) as a web page next to our application. However, browsers do display the content but do NOT display the menu part (left hand side) or upper part of the documentation.

 

The browser (e.g. Edge) complains about inline scripts in the export HTM-files. Is there ANY way to generate security-compliant HTM files NOT containing any inline script?

 

Example of the index.html: the following part seems not to be accepted by the browser:

<script type="text/javascript">//<![CDATA[

gRootRelPath = ".";
gCommonRootRelPath = ".";
//]]></script>

 

Cheers Volker

TOPICS
Output presets

Views

128

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 2 Correct answers

Community Beginner , Sep 14, 2022 Sep 14, 2022

Hey,

solution is for a kubernetes environment hosting the HTML/Framless export
Do NOT do this inside an Angular development under "/assert/xxx"
What to do
  • setup a separate ngnix-image under "/documentation" hosting the Adobe export
  • Define approvate CSP-Header (most likely: allow any inline script for that documentation content under /documentation

 

Cheers Volker

Likes

Translate

Translate
New Here , Sep 14, 2022 Sep 14, 2022

This is an issue for us as well. All of the inline java scripts are causing content security policy threat warnings. In order for the project documents to be useable, the content security policy needs to allow "unsafe-inline scripts", but that is a security concern that gets flagged when our application is scanned for vulnerabilities.

 

Likes

Translate

Translate
Community Beginner ,
Sep 12, 2022 Sep 12, 2022

Copy link to clipboard

Copied

Here is a screenshot of the console

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 12, 2022 Sep 12, 2022

Copy link to clipboard

Copied

I think you'll have to contact support for this one. The email address is recommended as it goes to a dedicated Robohelp team: https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 12, 2022 Sep 12, 2022

Copy link to clipboard

Copied

A normal output from RoboHelp will display with the issue you are reporting. See RoboHelp Tour Introduction (grainge.org) on my site.

 

You must have something in your content that is causing that problem. Generate an output from the About RoboHelp sample project and you will not see that problem. Search your source files for part of the above such as gRootRelPath. See what that finds.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

 

Help others by clicking Correct Answer or Like if helpful. Found your answer elsewhere? Share it here.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

Hey Thanks for the reply: however, the example project export contains the same problematic inline scripts... cheers Volker 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

Then the problem is at your end as those projects are squeaky clean and the script is not causing anyone else a problem.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

Help others by clicking Correct Answer or Like if helpful. Found your answer elsewhere? Share it here.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

I was thinking that they might be running in to cross site scripting security features because of the "as a web page next to our application" hence my suggestion to contact support, as that code is automatically put in the output as part of the generation process.

 

I've done some more searching and I think it's this security feature on Volker's web server:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

 

I think that setting would need to be changed but might not be possible or at least not easy depending on corporate security policies. So contacting support might still be the best option.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

More your area than mine. That script is indeed in the topics in the RoboHelp Tour but there it is not causing a problem. That further supports your theory.

 

I notice @volkerr24776593 says 

However, browsers do display the content but do NOT display the menu part (left hand side) or upper part of the documentation.

 

@Amebr Does that suggest something wrong with the call and could that be related? I don't know but wonder if you do?

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

Help others by clicking Correct Answer or Like if helpful. Found your answer elsewhere? Share it here.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

It is possible the help call is the problem. But the variables relate to file paths, so if they aren't being set, then it's possible various parts of the page aren't referenced properly so aren't being loaded.

 

I'm not familiar enough with how the new ui output is structured or any help call changes to offer advice about that. 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

The required help call will probably be different between Responsive and Frameless as well, I think.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

Hey Thanks for your replies. The menu actually renders correctly if I open the same files from the file system.

 

furthermore, generating the html5 export of the robohelp sample project still contains these inline scripts edge is complaining about... I guess I need to deep dive into CSP with one of our developers...

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

Actually, inline scripts are security risks, however adobe does not seem to care about this. So our approach to host the exported help pages is to set up a separate ngnix server below a separate path with a CSP directive to tell the browser to actually accept inline scripts... 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 13, 2022 Sep 13, 2022

Copy link to clipboard

Copied

OK but it doesn't seem to be an issue for anyone else. That's not to disagree but it is something you will need to take up with Adobe.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

Help others by clicking Correct Answer or Like if helpful. Found your answer elsewhere? Share it here.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Sep 14, 2022 Sep 14, 2022

Copy link to clipboard

Copied

LATEST

This is an issue for us as well. All of the inline java scripts are causing content security policy threat warnings. In order for the project documents to be useable, the content security policy needs to allow "unsafe-inline scripts", but that is a security concern that gets flagged when our application is scanned for vulnerabilities.

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Sep 14, 2022 Sep 14, 2022

Copy link to clipboard

Copied

Hey,

solution is for a kubernetes environment hosting the HTML/Framless export
Do NOT do this inside an Angular development under "/assert/xxx"
What to do
  • setup a separate ngnix-image under "/documentation" hosting the Adobe export
  • Define approvate CSP-Header (most likely: allow any inline script for that documentation content under /documentation

 

Cheers Volker

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
RoboHelp Documentation
Download Adobe RoboHelp