Adobe Customer Support tells me that RoboHelp version 9 is no longer updated and that I need to ask on this forum if there is any solution to the problems of Cross-Site Scripting vulnerabilities (discovered by the IT group's scanning our web app that includes the WebHelp generated by RoboHelp). There are problems with these two JavaScript files: whphost.js and whutils.js. If there are not any updates to the product, does anyone have a recommendation for handling these vulnerabilities? Does anyone know of any work-arounds?
See this thread - https://forums.adobe.com/message/5388554#5388554 and others like it.
You need to identify the specific issue your security audit is freaking out about and check to see if any changes have been made in newer versions of RH. If there haven’t been any changes, you need to contact Adobe Tech Support with your specific concerns.
Thanks, Jeff.
Yeah, I've seen that thread and for that vulnerability, there is a simple work-around.
But recently, a scan has highlighted these lines as vulnerabilities:
In the whphost.js file:
37 this.show = function(bShow)
43 this.load();
83 this.load = function()
88 var strFile = _getFullPath(getPath(), this.msComFile);
94 var sHTML = "<IFRAME ID=" ...;
98 sHTML += "100%; height:100%;\"></IFRAME>";
166 for (var s = 0; s < this.maCom.length; s++)
171 this.maCom[nId].show(true);
204 function getPath()
208 gsPath = location.href;
213 return gsPath;
In the whutils.js file:
92 function _getHost(sPath)
103 return sPath;
106 function _getFullPath(sPath, sRelPath)
111 return _getHost(sPath) + sRelPath;
This is starting to look too complicated for a simple work-around.
How would I check to see if these are handled in any versions 10 or 11?
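The scan lines listed above trace location.href through getPath(), _getFullPath() and _getHost() into the string that becomes an IFRAME. As an added example (not part of the thread and not RoboHelp's code), this sketch shows one way to guard that kind of flow by validating the page URL and escaping values before concatenation; safeFullPath, buildFrameHtml, escapeAttr and the file name whtoc.htm are hypothetical.

```javascript
// Added example, not RoboHelp code. All function names are hypothetical.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
// Assumption: component files are plain names such as "whtoc.htm".
const SAFE_FILE = /^[A-Za-z0-9_.-]+\.html?$/;

// Constructed sample of a page URL whose fragment carries attribute syntax.
const SAMPLE_HREF = 'https://docs.example.test/help/index.htm?q=1#" onload="x';

// Encode characters that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Resolve relFile next to the current page. Returns an absolute URL string,
// or null when the page URL or the file name fails validation.
function safeFullPath(href, relFile) {
  if (!SAFE_FILE.test(relFile)) return null;           // no slashes, no schemes
  let page;
  try { page = new URL(href); } catch (e) { return null; }
  if (!ALLOWED_SCHEMES.has(page.protocol)) return null; // rejects javascript:, data:
  page.search = '';                                     // drop user-controlled query
  page.hash = '';                                       // drop user-controlled fragment
  const target = new URL(relFile, page);
  return target.origin === page.origin ? target.href : null;
}

// Build the frame markup only from validated and escaped values.
function buildFrameHtml(id, href, relFile) {
  const src = safeFullPath(href, relFile);
  if (src === null) return '';
  return '<iframe id="' + escapeAttr(id) + '" src="' + escapeAttr(src) +
         '" style="width:100%; height:100%;"></iframe>';
}

console.log(buildFrameHtml('navpane', SAMPLE_HREF, 'whtoc.htm'));
```

In a browser the first argument would be location.href; the query and fragment never reach the markup because they are stripped before the path is resolved.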
I’d find a non-production machine and download a trial copy, then have a look at the template js files you’re interested in. Have you investigated the HTML5 output to see if it satisfies your security guys?