I have a class named eHelpDhtm.js, which is dynamically generated by RoboHelp and I can't modify this file.
My issue is:
When I scan my whole project with Checkmarx, I see a vulnerability related to a DOM XSS attack.
Below is my code snippet:
function PopupMenu_InvokeReady()
{
    if (gbWndPopupLinks != null) {
        gbWndPopupLinks.document.open("text/html");
        gbWndPopupLinks.document.write("<html><head>");
        if (gbBsNS2) {
            gbWndPopupLinks.document.write("<base href=\"" + location +"\">");
        }
        return true;
    }
}
Here the faulty line of code is:
gbWndPopupLinks.document.write("<base href=\"" + location +"\">");
I want to change it like below through RoboHelp:
gbWndPopupLinks.document.write("<base href=\"" + HttpUtility.HtmlEncode(location) +"\">");
If RoboHelp generates the above changes, then my issue will be resolved.
Can anyone please help me?
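
An added example, not part of the original post or of RoboHelp's generated script: `HttpUtility.HtmlEncode` is a .NET server-side method and is not available to JavaScript running in the browser, so the encoding has to be done in script. The helpers `escapeHtmlAttr`, `buildBaseTag`, `buildBaseTagUnsafe` and `staysInsideAttribute`, and the sample URL, are assumptions made for illustration.

```javascript
// Added example: escape a value before it is written into a double-quoted
// HTML attribute via document.write. All helper names are hypothetical and
// are not part of RoboHelp's generated code.

// Characters that can end an attribute value or open new markup.
var HTML_ATTR_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  "\"": "&quot;",
  "'": "&#39;",
  "`": "&#96;"
};

function escapeHtmlAttr(value) {
  // String() because window.location is a Location object, not a string.
  return String(value).replace(/[&<>"'`]/g, function (ch) {
    return HTML_ATTR_ESCAPES[ch];
  });
}

// The flagged pattern: the URL is concatenated into the markup unchanged.
function buildBaseTagUnsafe(loc) {
  return "<base href=\"" + loc + "\">";
}

// The same markup with the URL encoded for the attribute context.
function buildBaseTag(loc) {
  return "<base href=\"" + escapeHtmlAttr(loc) + "\">";
}

// Constructed sample input: a URL whose fragment contains a quote and a tag.
var sampleLocation = "http://help.example/topic.htm#x\"><b id=\"injected";

// True when the output is still a single tag with one quoted attribute value.
function staysInsideAttribute(html) {
  return (html.match(/</g) || []).length === 1 &&
         (html.match(/"/g) || []).length === 2;
}

console.log(buildBaseTagUnsafe(sampleLocation)); // attribute is closed early
console.log(buildBaseTag(sampleLocation));       // value stays inside href
```

In the snippet from the post, the corresponding call would be `gbWndPopupLinks.document.write(buildBaseTag(location));`.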