If you publish your FrameMaker documents to the Responsive HTML5 output, the published content is vulnerable to certain hacks by malicious users.
It was found that a hacker can do any of the following from the published output:
- Execute malicious code by entering the code in the browser URL of the published output
- Store malicious URLs in the cookies that the published output creates
- Display content from malicious URLs within the published output
The updates described in this article, will be available in the next FrameMaker patch.
If you are using layouts already created from Theme Standard or Theme Black, the layout.js file described in the following steps needs to be updated in those layouts:
You need extract the contents of the .sts file associated with your Responsive HTML5 publish setting.