Hi All,
We are about to upgrade from Version 6.2.3 to 6.5.1. It has taken a while to get agreements for this.
We have customised skins and wonder how we go about upgrading skins to fix the vulnerability in the Webhelp index page script?
The fix is for default/standard templates so I assume it will not make it through to our customised skins?
Any guidance/help appreciated.
Kind Regards
Craig
Vulnerability in the Webhelp Index - Upgraded to 6.5.1
- Craig Clarke
- Tim Green
- Site Admin
Re: Vulnerability in the Webhelp Index - Upgraded to 6.5.1
Hi Craig,
There are two issues here you need to fix if your customized skin is based on an older skin: Fixing the XSS vulnerability and making the adjustments to adjust for the changes in the Google algorithm that prevents your site from being indexed if the automatic reload for topics accessed with topic.htm instead of index.html?topic.htm is turned on. For the vulnerability fix I would ask you to mail me a copy of your skin at support AT ec-software.com (replace the AT with @) and I will help you out, because I prefer not to post that in the clear on the forum.
Before you do that, if you are using your own skins based on an older version you need to turn off the automatic redirects and add an automatic link for users so that they can open the TOC manually if they get a topic page on its own.
1) Turn off the automatic redirects
Open your project (if you are not using a skin) or the .hmskin skin file (if you are using a skin) in Help & Manual. Then in the Project Explorer on the left go to Configuration > Publishing Options > WebHelp > Navigation. Locate the option "When a topic is loaded outside the navigation frame, force it to reload the navigation frame" and turn it OFF.
2) Add the link to be displayed for topics both with and without headers:
For the version for topics with headers add this above the breadcrumbs navigation code (note that the "sync-toc" and "crumbs" class references are important):
Code:
<IF_HTML><p class="sync-toc">&lt;&lt; <a rel="nofollow" href="<%HREF_TOP_PAGE%>?<%HREF_CURRENT_PAGE%>" target="_top">Click to Display Table of Contents</a> &gt;&gt;</p>
<p class="crumbs" id="idnav"><b>Navigation:</b>
..... rest of code here</IF_HTML>
For the version for topics without headers add this directly above the opening <IF_TOPIC_HEADER> condition:
Code:
<IFNOT_TOPIC_HEADER><IF_HTML><p class="sync-toc" style="color:#ff0000; margin-top: 5px; margin-left: 5px;">&lt;&lt; <a rel="nofollow" href="<%HREF_TOP_PAGE%>?<%HREF_CURRENT_PAGE%>" style="color:#ff0000;" target="_top">Click to Display Table of Contents</a> &gt;&gt;</p></IF_HTML></IFNOT_TOPIC_HEADER>
3) Add the CSS for the new link to the <style> block in the <head> section of the page.
The only really important attribute here is "display:none" so that the link is NOT normally displayed. Everything else can be formatted as you like:
Code:
.sync-toc { color: #ffffff; font-size: 8pt; font-weight: bold; display: none; }
.sync-toc a { color: #ffffff; text-decoration: none; font-weight: bold; }
.sync-toc a:visited { color: #ffffff; }
.sync-toc a:hover { text-decoration: underline; }
4) Add a script snippet that displays the link and hides the breadcrumbs in a position where it will be executed AFTER the page has loaded.
For example in a <script> section down just before the closing </body> tag, or in a jQuery $(document).ready() function block:
Code:
<IF_HTML>if ((!parent.hmNavigationFrame) && (parent.location) && (parent.location.href)) { $('.sync-toc').show(); $('p.crumbs').hide(); }</IF_HTML>
That is basically it. If you have problems with implementing this in your skin just let me know when you mail me the skin for the vulnerability fix.
Regards,
Tim (EC Software Documentation & User Support)
Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
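One way to confirm that steps 2 to 4 of the post above made it into a customised skin is to scan the published topic pages. This is an added example, not code from the thread or from EC Software; it assumes the published top page is index.html, that the CSS and script are inline in each topic page as the post describes, and that topic file names use only letters, digits, "_", "-" and ".". The names TopicScan and check_topic are hypothetical.

```python
import re
from html.parser import HTMLParser

class TopicScan(HTMLParser):
    """Collect the sync-toc link, inline CSS and inline script of one topic page."""
    def __init__(self):
        super().__init__()
        self.in_sync, self.link, self.buf = False, None, None
        self.text = {"style": "", "script": ""}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "p":
            self.in_sync = "sync-toc" in (attrs.get("class") or "").split()
        elif tag == "a" and self.in_sync and self.link is None:
            self.link = attrs            # first link inside <p class="sync-toc">
        elif tag in self.text:
            self.buf = tag               # start collecting <style>/<script> text

    def handle_endtag(self, tag):
        self.in_sync = self.in_sync and tag != "p"
        self.buf = None if tag == self.buf else self.buf

    def handle_data(self, data):
        if self.buf:
            self.text[self.buf] += data

def check_topic(html, index_page="index.html"):
    """Return the steps from the post that this published page is missing."""
    scan = TopicScan()
    scan.feed(html)
    scan.close()
    missing, link = [], scan.link or {}
    # Assumption: the link resolves to index_page?topic.htm with a plain file name.
    if not re.fullmatch(re.escape(index_page) + r"\?[\w.-]+\.html?", link.get("href") or ""):
        missing.append("step 2: sync-toc link to index_page?topic")
    elif link.get("target") != "_top" or "nofollow" not in (link.get("rel") or "").split():
        missing.append('step 2: target="_top" and rel="nofollow" on the link')
    if not re.search(r"\.sync-toc\s*\{[^}]*display\s*:\s*none", scan.text["style"]):
        missing.append("step 3: .sync-toc { display: none }")
    js = scan.text["script"]
    if "hmNavigationFrame" not in js or ".sync-toc" not in js:
        missing.append("step 4: script that shows .sync-toc outside the frame")
    return missing

# Constructed sample pages (not real Help & Manual output).
GOOD = """<html><head><style>.sync-toc { color: #fff; display: none; }</style></head><body>
<p class="sync-toc"><a rel="nofollow" href="index.html?intro.htm" target="_top">TOC</a></p>
<script>if ((!parent.hmNavigationFrame) && (parent.location) && (parent.location.href))
{ $('.sync-toc').show();$('p.crumbs').hide();}</script></body></html>"""
OLD = "<html><head><style>p { margin: 0 }</style></head><body><p>Body</p></body></html>"
```

Running check_topic over every published topic file after a rebuild gives an empty list per page once the skin carries all three changes.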
- Craig Clarke
Re: Vulnerability in the Webhelp Index - Upgraded to 6.5.1
Hi Tim,
Thanks for your kind offer of help.
I'll send you a copy of our skin. I think that we don't need to fix the other issues. Our site is not indexed by Google (help is hosted on a secure server) and we do not provide access to the project without using the index.html? method.
I'll drop you an email.
Thanks again
Craig