Copy link to clipboard
Copied
Hello,
We generate WebHelp using RoboHelp HTML. The security teams contantly runs security checks on the applications and the whtopic.js file that RoboHelp generates was identified as a security threat becuase of "DOM ocde injection". The comment was that the document.location.href is controllable and, at a minimum, ought to be run through some html encoding.
Any one else ever run into security analysis of the RoboHelp generated files?
Anything we can do about it?
Thanks,
Rakefet
Copy link to clipboard
Copied
Just to add, we are using Robohelp 9.0.2.271.
I saw
Vulnerability identifier: APSB11-23
CVE number: CVE-2011-2133
but it seems to be realted to an earlier version and should be OK in the version that we have.
I tried to replace the mentioned files but could not see the change.
Thanks,
Rakefet
Copy link to clipboard
Copied
These security things sometimes come up in tools. As the code here doesn’t have anything to do with cross frame scripting, so I very much doubt this is an XSS vulnerability. I have asked the people who know about this to look it over.
Greet,
Willam
Get ready! An upgraded Adobe Community experience is coming in January.
Learn more