Hello. Our internal auditors found a serious security issue because of a javascript file generated by RoboHelp in the WebHelp output. The file they identified was whnjs.htm. Here's the description:
This page has javascript which sets a frame on the page to the hash of the URL. This can be used as an injection point for cross site scripting. POC: https://xxx.xxx/WebHelp/whnjs.htm#javascript:alert(1) // Internet Explorer only. Does this mean anything to anyone here? I'm using RH9. I'm hoping just an upgrade to v11 will fix this, as I can easily justify that cost with an issue like this. Thanks, Josh