Adobe RoboHelp 2019 - Source Code Disclosure Issue

Community Beginner, Nov 11, 2020


Hello,

 

We had a small security run on our application as a part of our security check-up cycle. Our team (Tech Writing team) was informed that a potential security issue was identified in the online help file generated using Adobe RoboHelp 2019. The specifics of the issue below are quoted from the test report:
 
OWASP Vulnerability Identified: Source code disclosure

The application appears to disclose some server-side source code written in PHP which is provided below:

    <?rh-msp-search-results-start widgettype="searchresult" class="wSearchResults" id="searchresults" role="navigation" ?>
        <?rh-msp-search-highlight-control id="highlightsearch" widgettype="highlightsearch" type="checkbox"
            checked class="wSearchHighlight" id="highlightsearch" textcolorval="#000000" bgcolorval="#FCFF00"
            aria-labelledby="highlightlabel" ?>
        <?rh-lng-string lngname="EndOfResults" lngvalue="End of search results." ?>
    <?rh-msp-search-results-end ?>
 
They seem to be appearing in more than one file.
 
Are there any ways to eliminate these codes while generating the output files?
 
If there are no solutions, we will also be fine if we get a confirmation from the Adobe team ensuring that the above-mentioned codes do not pose any threat to our application.
 

Adobe Community Professional, Nov 11, 2020


This is something you will have to take up with Support.

 

See https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp for your support contact options.

 

Please use the Blue reply button at the top. It helps keep posts in order.

Adobe Employee, Nov 11, 2020


Your security tool is misinterpreting this. This is not PHP. These are standard XML processing instructions.

RoboHelp output is not using any PHP.

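A triage sketch for the finding discussed above (an added example, not part of the thread and not Adobe's code; the function names, result labels, body heuristic and the PHP sample are assumptions). It classifies each `<?...?>` construct by its target, so the `rh-*` processing instructions from the test report can be told apart from PHP open tags.

```python
import re

# '<?' + optional target + body, up to the first '?>'.
PI_RE = re.compile(r"<\?(=|[A-Za-z_:][\w:.\-]*)?(.*?)\?>", re.DOTALL)
# Rough PHP syntax signals in a tag body (heuristic chosen for this example).
PHP_BODY_RE = re.compile(r"\$[A-Za-z_]\w*|\b(?:echo|function|include|require)\b")

# The four constructs quoted from the test report in the opening post.
REPORTED = '''<?rh-msp-search-results-start widgettype="searchresult" class="wSearchResults" id="searchresults" role="navigation" ?>
<?rh-msp-search-highlight-control id="highlightsearch" widgettype="highlightsearch" type="checkbox"
    checked class="wSearchHighlight" id="highlightsearch" textcolorval="#000000" bgcolorval="#FCFF00"
    aria-labelledby="highlightlabel" ?>
<?rh-lng-string lngname="EndOfResults" lngvalue="End of search results." ?>
<?rh-msp-search-results-end ?>'''

# Constructed sample (not from the page): an XML declaration and two PHP tags.
CONSTRUCTED_PHP = ('<?xml version="1.0" encoding="utf-8"?>\n'
                   '<?php echo $greeting; ?>\n<?= $user ?>')


def classify(markup):
    """Return (target, kind) for every '<?...?>' construct in markup."""
    findings = []
    for m in PI_RE.finditer(markup):
        target, body = m.group(1) or "", m.group(2)
        if target == "=" or target.lower() == "php":
            kind = "php-open-tag"            # <?php ... ?> or <?= ... ?>
        elif target.lower() == "xml":
            kind = "xml-declaration"         # reserved target 'xml'
        elif target and not PHP_BODY_RE.search(body):
            kind = "xml-processing-instruction"
        else:
            # No target (not a valid XML PI) or PHP-looking body: a human decides.
            kind = "needs-manual-review"
        findings.append((target, kind))
    return findings


def is_scanner_false_positive(markup):
    """True when every '<?...?>' construct found is plain XML, none PHP-like."""
    findings = classify(markup)
    return bool(findings) and all(k.startswith("xml-") for _, k in findings)


if __name__ == "__main__":
    for target, kind in classify(REPORTED + "\n" + CONSTRUCTED_PHP):
        print(f"{kind:28} {target}")
```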
Community Beginner, Nov 18, 2020


Since we used the Responsive HTML5 output format, we expected the results to be only as HTML files.

 

Why are the XML instructions part of the HTML files? 

Adobe Employee, Nov 19, 2020


Do you have an example where PIs appear in the Responsive HTML5 output?

I just tested it with a couple of sample projects I have and could not find any PIs in the published output except for the XML declaration itself in line 1.

 

That said: RoboHelp does not only produce simple HTML5, but HTML5 in an XML notation. That is, the output is not only HTML5 compliant, but also 100% XML compliant.

Processing Instructions are a normal part of the XML standard. You can read more about PIs here and in the spec here.

Community Beginner, Nov 19, 2020


Thank you for the information @Stefan-Gentz . I'll make use of this info for our test report. 

 

To answer your question, those PIs were displayed in the index.html file generated via Responsive HTML option.

 

Please refer to the image below for more information.

 

ayyasskhan_0-1605795802253.png

 

 

Adobe Employee, Nov 19, 2020


Hm. This is in the output? I have never seen this in the HTML5 output. I cannot even find any of this in any file in my project nor anywhere in the output.

That said, the best might be to contact the RoboHelp Support team: tcssup@adobe.com

Adobe Community Professional, Nov 11, 2020


@Stefan-Gentz Does that code appear in the output? I thought it was only in the source skin files? The OP says "in the online help file generated using Adobe RoboHelp 2019".

Adobe Employee, Nov 19, 2020


I have never seen it in the output.

Adobe Community Professional, Nov 19, 2020


I would try generating with the sample project supplied with RH to see if the output created by that has the same lines you note. If it doesn't, then that means that there's something else going on in your project that's creating those lines.

Also make sure you are all patched up - you didn't mention what exact version of RH2019 you're running.
