If you publish your RoboHelp project to the Responsive HTML5 or WebHelp output formats, the published content is vulnerable to certain hacks by malicious users.
It was found that a hacker can do any of the following from the published output:
- Execute malicious code by entering the code in the browser URL of the published output
- Store malicious URLs in the cookies that are created by the published output
- Display content from malicious URLs within the published output
The fix for Responsive HTML5 output described in the following procedure is not required if you are using RoboHelp (2015 release) Update 4.
If you are using layouts already created from Theme Standard or Theme Black, the layout.js file described in the following steps needs to be updated in those layouts:
To resolve the cross-site vulnerability issue for WebHelp output in RoboHelp 11, perform the following steps: