Cross-site scripting vulnerability

Cross-site scripting vulnerability

Išči
RoboHelp (2015 release) Navodila za uporabo

Na tej strani

Velja za: RoboHelp (2015 release) RoboHelp 11

某些 Creative Cloud 应用程序、服务和功能在中国不可用。

Issue

If you publish your RoboHelp project to the Responsive HTML5 or WebHelp output formats, the published content is vulnerable to certain hacks by malicious users.

It was found that a hacker can do any of the following from the published output:

  • Execute malicious code by entering the code in the browser URL of the published output
  • Store malicious URLs in the cookies that are created by the published output
  • Display content from malicious URLs within the published output

Opomba:

The fix for Responsive HTML5 output described in the following procedure is not required if you are using RoboHelp (2015 release) Update 4.  

Solution

To resolve this issue for Responsive HTML5 output, perform the following steps:

  1. Go to your RoboHelp install location:

    RoboHelp 2015:
    <Drive>:\Program Files (x86)\Adobe\Adobe RoboHelp 2015\RoboHTML

    RoboHelp 11:
    <Drive>:\Program Files (x86)\Adobe\Adobe RoboHelp 11\RoboHTML

  2. Take backup of the following folder:

    • ResponsiveHelpExt

  3. Extract the contents from the attached archive.

    Prenos

    Pridobivanje datoteke
    RoboHelp 2015

    The archive contains the following folder:

    • ResponsiveHelpExt

  4. Copy the extracted folder and paste it into the RoboHelp install directory specified in Step 1.

    When you are prompted, click Yes to merge these folders with the existing folders.

  5. Regenerate the Responsive HTML5 output.

If you are using layouts already created from Theme Standard or Theme Black, the layout.js file described in the following steps needs to be updated in those layouts:

  1. Open the project folder for each of your RoboHelp projects.

    Your project folder contains a !ScreenLayout! folder that further contains one folder for each RoboHelp layout that you have used for this project.

    Note: The layout folder name is based on your project name.

  2. Extract the following zip archive.

    Prenos

    Pridobivanje datoteke
    Layout folder

    The archive contains one the following folders:

    • theme_created_from_-Theme1_Standard-
      This folder contains the layout.js for the Standard theme
    • theme_created_from_-Theme3_Black-
      This folder contains the layout.js for the Black theme

  3. In your project folder, overwrite the layout.js in each of the corresponding layout folders.

  4. Regenerate the Resposive HTML5 output.

To resolve the cross-site vulnerability issue for WebHelp output in RoboHelp 11, perform the following steps:

  1. Go to your RoboHelp install location:

    <Drive>:\Program Files (x86)\Adobe\Adobe RoboHelp 11\RoboHTML\WebHelp5Ext\template_stock

  2. Take backup of the following file:

    • whutils.js

  3. Extract the contents from the attached archive.

    Prenos

    The archive contains the following file:

    • whutils.js 

  4. Copy the extracted whutils.js file and paste it into the RoboHelp install directory specified in Step 1.

    When you are prompted, click Yes to overwrite the existing file.

  5. Regenerate the WebHelp output.