Cross-site scripting vulnerability

Issue

If you publish your RoboHelp project to the Responsive HTML5 or WebHelp output formats, the published content is vulnerable to cross-site scripting (XSS) attacks by malicious users.

An attacker can do any of the following through the published output:

  • Execute malicious code by entering the code in the browser URL of the published output
  • Store malicious URLs in the cookies that are created by the published output
  • Display content from malicious URLs within the published output

Note: The fix for Responsive HTML5 output described in the following procedure is not required if you are using RoboHelp (2015 release) Update 4.

Solution

To resolve this issue for Responsive HTML5 output, perform the following steps:

  1. Go to your RoboHelp install location:

    RoboHelp 2015:
    <Drive>:\Program Files (x86)\Adobe\Adobe RoboHelp 2015\RoboHTML

    RoboHelp 11:
    <Drive>:\Program Files (x86)\Adobe\Adobe RoboHelp 11\RoboHTML

  2. Back up the following folder:

    • ResponsiveHelpExt
  3. Extract the contents from the attached archive.

    Download

    The archive contains the following folder:

    • ResponsiveHelpExt
  4. Copy the extracted folder and paste it into the RoboHelp install directory specified in Step 1.

    When you are prompted, click Yes to merge these folders with the existing folders.

  5. Regenerate the Responsive HTML5 output.

If you are using layouts already created from Theme Standard or Theme Black, the layout.js file described in the following steps needs to be updated in those layouts:

  1. Open the project folder for each of your RoboHelp projects.

    Your project folder contains a !ScreenLayout! folder that further contains one folder for each RoboHelp layout that you have used for this project.

    Note: The layout folder name is based on your project name.

  2. Extract the following zip archive.

    Download

    The archive contains the following folders:

    • theme_created_from_-Theme1_Standard-
      This folder contains the layout.js for the Standard theme
    • theme_created_from_-Theme3_Black-
      This folder contains the layout.js for the Black theme
  3. In your project folder, overwrite the layout.js in each of the corresponding layout folders.

  4. Regenerate the Responsive HTML5 output.
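
To confirm that the overwrite in step 3 reached every layout in every project, the following Python script (an added example, not part of Adobe's fix) compares each layout.js found below a !ScreenLayout! folder with the patched files from the extracted archive. The function names and command-line arguments are assumptions of this example; any layout.js that matches neither patched file is listed for review, which also covers layouts that were not created from the Standard or Black theme.

```python
import hashlib
import sys
from pathlib import Path

LAYOUT_DIR = "!ScreenLayout!"  # per-project layout folder named in the article
PATCHED_DIRS = (               # folder names inside the article's zip archive
    "theme_created_from_-Theme1_Standard-",
    "theme_created_from_-Theme3_Black-",
)


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def patched_hashes(extracted_root):
    """Map the SHA-256 of each patched layout.js to its archive folder."""
    hashes = {}
    for name in PATCHED_DIRS:
        folder = Path(extracted_root) / name
        if folder.is_dir():
            for candidate in folder.rglob("layout.js"):
                hashes[sha256_of(candidate)] = name
    return hashes


def audit_projects(projects_root, extracted_root):
    """Return (patched, review) lists of layout.js paths under projects_root."""
    known = patched_hashes(extracted_root)
    if not known:
        raise FileNotFoundError(f"no patched layout.js under {extracted_root}")
    patched, review = [], []
    for layout_js in sorted(Path(projects_root).rglob("layout.js")):
        # Only copies that live somewhere below a !ScreenLayout! folder count.
        if LAYOUT_DIR not in layout_js.relative_to(projects_root).parts:
            continue
        (patched if sha256_of(layout_js) in known else review).append(layout_js)
    return patched, review


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit_layouts.py <projects_root> <extracted_archive_root>")
    ok, stale = audit_projects(sys.argv[1], sys.argv[2])
    for path in ok:
        print("patched:", path)
    for path in stale:
        print("REVIEW :", path)
    sys.exit(1 if stale else 0)
```

The script exits with status 1 when any layout.js still needs review, so it can gate the regeneration step in a build script.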

To resolve the cross-site scripting vulnerability for WebHelp output in RoboHelp 11, perform the following steps:

  1. Go to your RoboHelp install location:

    <Drive>:\Program Files (x86)\Adobe\Adobe RoboHelp 11\RoboHTML\WebHelp5Ext\template_stock

  2. Back up the following file:

    • whutils.js
  3. Extract the contents from the attached archive.

    Download

    The archive contains the following file:

    • whutils.js 
  4. Copy the extracted whutils.js file and paste it into the RoboHelp install directory specified in Step 1.

    When you are prompted, click Yes to overwrite the existing file.

  5. Regenerate the WebHelp output.
