How to fix security vulnerabilities in WebHelp output | RoboHelp (2015 release)

Cerca
RoboHelp (2015 release) Guida utente

Su questa pagina

Prodotti interessati: RoboHelp (2015 release)

某些 Creative Cloud 应用程序、服务和功能在中国不可用。

Issue: WebHelp output generated from RoboHelp (2015 release) is vulnerable to certain hacks by malicious users

If you publish WebHelp output for your project, the published content is vulnerable to certain hacks by malicious users.

It was found that a hacker can do any of the following from the published output:

  • Execute malicious code by entering the code in the browser URL of the published output
  • Store malicious URLs in the cookies and redirect users to another URL
     

Solution

 

 

To resolve these issues, perform the following steps:

 

  1. Go to the RoboHelp install location:

     

    <Drive>:\Program Files (x86)\Adobe\Adobe RoboHelp 2015\RoboHTML

  2. Within the install location, take a backup of the WebHelp5Ext folder and ehlpdhtm.js file.

  3. Download and extract the contents from the following ZIP files.

    Scarica

    Ottieni file
    Download WebHelp5Ext folder
    Ottieni file
    Download ehlpdhtm.js file

    The WebHelp5Ext.zip file contains the updated version of the WebHelp5Ext folder
    The ehlpdhtm.zip contains the updated version of the ehlpdhtm.js file
     

  4. Copy and paste the newly extracted WebHelp5Ext folder and ehlpdhtm.js file into the RoboHelp install location.

    When you are prompted, click Yes to merge and overwrite the existing files.

  5. Regenerate the WebHelp output.