Flare's HTML5 help has been flagged for several vulnerabilities. I'd be curious if anyone else is experiencing this, and how you are addressing them with FOD or other analysis tools.
- Version of jQuery - The current 2018 version of Flare includes a version of jQuery in the web output (v 1.12.4) that has known vulnerabilities. This one was found by a client. MadCap Support acknowledged that there is a feature request to upgrade jQuery, and said it was a high priority. In standard practice, they could not provide a date when it would be included in a patch or release. My guess is it will be fixed in the next full release if not sooner.
- "Sends unvalidated data to a web browser" - Flare targets have an option "Prevent external URLs from frames." This wonderfully named option is UNSELECTED by default, and it introduces a vulnerability. A malicious Flare author could add a TOC entry to webhelp that appears to open a safe URL (the company website, say), but in reality has a malicious website URL appended (ourhelp.com/index.htm#myhackersite.com). Clicking the TOC entry would take you to the malicious site. SELECTING this option on the target will prevent TOCs or browse sequences from ever opening external web sites. It's explained here.
- "Interprets unvalidated user input as source code" - This one is more problematic. The flagged vulnerability appears to be the fundamental behavior that enables context-sensitive web help. It is considered vulnerable to allow a user to append a value to a URL that will be executed without validation. Flare CSH works through this behavior. You append a topic ID to the help URL (myhelp.com/index_CSH.htm#specifictopic). When you follow that link in the browser, the help site "executes" the URL and the help looks for that topic ID. I can't imagine a way that a hacker could use this. If you put in a value that Flare doesn't recognize, it just ignores it.
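
An added example (not part of the original post, and not Flare's own code) of the defensive pattern both scanner findings point at: treat the URL fragment as data, resolve it only through an allowlist of topic IDs or a same-origin path check, and fall back to a default topic otherwise. The topic map, the help origin and the function name are assumptions made for illustration.

```javascript
// Constructed CSH map: topic ID -> page inside the help output (hypothetical names).
const TOPIC_MAP = new Map([
  ['specifictopic', 'Content/SpecificTopic.htm'],
  ['install', 'Content/Install.htm'],
]);
const DEFAULT_TOPIC = 'Content/Home.htm';
const HELP_ORIGIN = 'https://myhelp.example'; // assumed origin of the help site

// Returns { path, reason } for the content frame. The fragment is treated as
// data: it is only ever used as a lookup key or as a same-origin relative path.
function resolveHelpFragment(helpUrl) {
  const url = new URL(helpUrl, HELP_ORIGIN);
  let frag = url.hash.slice(1);
  try {
    frag = decodeURIComponent(frag);
  } catch (e) {
    return { path: DEFAULT_TOPIC, reason: 'malformed-encoding' };
  }
  if (frag === '') return { path: DEFAULT_TOPIC, reason: 'empty' };

  // 1. Known topic ID: the raw value never reaches the DOM or a navigation call.
  if (TOPIC_MAP.has(frag)) return { path: TOPIC_MAP.get(frag), reason: 'topic-id' };

  // 2. Otherwise accept only a topic file that stays on the help origin.
  //    Backslashes and control characters are refused before parsing, since
  //    URL parsers rewrite or strip them and the result is easy to misjudge.
  if (/[\\\x00-\x1f]/.test(frag)) return { path: DEFAULT_TOPIC, reason: 'rejected' };
  let target;
  try {
    target = new URL(frag, HELP_ORIGIN + '/');
  } catch (e) {
    return { path: DEFAULT_TOPIC, reason: 'rejected' };
  }
  const sameOrigin = target.origin === HELP_ORIGIN;
  // The parser has already collapsed "../" segments, so this checks the final path.
  const isTopicFile = /^\/Content\/[\w\/.-]+\.html?$/.test(target.pathname);
  if (sameOrigin && isTopicFile) {
    return { path: target.pathname.slice(1), reason: 'relative-path' };
  }
  return { path: DEFAULT_TOPIC, reason: 'rejected' };
}
```

Logging the `rejected` and `malformed-encoding` cases server-side or in client telemetry gives a record of links that tried to point the help frame somewhere else.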