Skip to main content
August 25, 2013
Question

The whtopic.js file was identified as a security threat

  • August 25, 2013
  • 1 reply
  • 599 views

Hello,

We generate WebHelp using RoboHelp HTML. The security teams contantly runs security checks on the applications and the whtopic.js file that RoboHelp generates was identified as a security threat becuase of "DOM ocde injection". The comment was that the document.location.href is controllable and, at a minimum, ought to be run through some html encoding.

Any one else ever run into security analysis of the RoboHelp generated files?

Anything we can do about it?

Thanks,

Rakefet

This topic has been closed for replies.

1 reply

August 25, 2013

Just to add, we are using Robohelp 9.0.2.271.

I saw

Vulnerability identifier: APSB11-23

CVE number: CVE-2011-2133

but it seems to be realted to an earlier version and should be OK in the version that we have.

I tried to replace the mentioned files but could not see the change.

Thanks,

Rakefet

Willam van Weelden
Inspiring
August 28, 2013

These security things sometimes come up in tools. As the code here doesn’t have anything to do with cross frame scripting, so I very much doubt this is an XSS vulnerability. I have asked the people who know about this to look it over.

Greet,

Willam