google-caja

Google Caja: Sample html4 def file?

|▌冷眼眸甩不掉的悲伤 提交于 2019-12-24 09:19:04
问题 I'm trying to implement this Introduction Tutorial to sanitize HTML using Caja's JSHtmlSanitizer. I'm getting a reference is not defined error at line 1056 in html-sanitizer.js because the variable html4 is undefined. I believe this is a definition file. Where can I can get a sample of this definition file? I think I found a very old def file that dates back in 2008 and it's no longer in the latest version of the repo. 回答1: The HTML defs file is built from the schema JSON by Caja's build

Can we use Google Chart Tools with Google Script HtmlService

血红的双手。 提交于 2019-12-21 21:46:40
问题 I would like to use Google Chart Tools in Google Scripts using the HtmlService. But I do not know if caja will allow to inject script to show a chart. My first tests give me blank pages. Does anyone know if it is at least possible ? I know Google Script provides 'Charts' service, but the features are limited compared to what allows Google Chart Tools. Thanks, 回答1: If you look at the HtmlService documentation under the Caja section, https://developers.google.com/apps-script/html_service#Caja

Browser Pop up in Google Apps Script

假如想象 提交于 2019-12-18 13:48:24
问题 Background: I have prepared a form in HTML Service in Google apps script which I call with DoGet function from Code.gs. my doget function function doGet() { return HtmlService.createTemplateFromFile('HTMLUI').evaluate(); } Once published it presents a simple browser form with some labels, input box, submit, reset and find buttons on it. The user(s) will input information click submit and the data will get stored in a spreadsheet (background). - Working fine till here. Now when the user clicks

Link sharing - Google Caja HTML Sanitizer

你离开我真会死。 提交于 2019-12-13 02:48:00
问题 I'm trying to tackle the classic "user input sanitisation" problem on my new web app and I chose to use Google Caja's HTML Sanitizer server-side for this task. Although the implementation + testing went fine, I still have some questions : 1) I could only find the HTML4 definitions, does this mean that HTML5 tags wouldn't be safe ? I did some tests with HTML 5 specific tag / attribute XSS's and although none of them worked I'm not 100% sure that some untested ones wouldn't work. 2) Google Caja

App Script HtmlService use with font like Google Web Fonts?

老子叫甜甜 提交于 2019-12-12 15:10:17
问题 I trying to do one (!) page with the app script HtmlService but want to have specific web fonts. I added the CSS code for the web fonts, and integrated it with my CSS. It's not working. I suspect Google Caja (HtmlService is going through the Caja filter) not being able to work with web fonts. Would you know if I am doing something wrong with HtmlService, or if there is any other way to have web fonts through the filtering of Caja? <link href='http://fonts.googleapis.com/css?family=Fugaz+One'

Unable to serve download links in google apps script

元气小坏坏 提交于 2019-12-11 09:31:50
问题 UPDATE: I have found a solution. This doesn't necessarily address every case, so I will leave the question open for a short time in case someone can enlighten me more. I solved it by changing the format of the url: Google Drive allows this format for downloading files: https://docs.google.com/uc?export=download&id=FILE_ID So I don't know if this is a problem for other URL's; nor actually exactly why the .getDownloadUrl() doesn't work ... maybe someone can explain. But for now this seems to

Angular JS in Google Apps Script

孤人 提交于 2019-12-11 02:57:58
问题 Does Angular JS will be supported by Google Apps Script? I am able to use external Library like jQuery, UnderscoreJS but not Angular JS? Any idea about when CAJA will support Angular JS? 回答1: Google Apps Script supports Angular JS . You need to use the full version (not minified) . There are some issues on firefox, but works fine mostly. You can use angular with following change in your appscript file. var ui = HtmlService.createHtmlOutputFromFile('myPage') .setTitle('My Title'); ui

Google caja - Block malicious code

让人想犯罪 __ 提交于 2019-12-08 08:12:30
问题 I need safe html on my website. I read though the caja guide and I am not sure if I understand the conecpt. https://developers.google.com/caja/docs/gettingstarted/ I think it goes like this: User submits malicious content to my db I want to render it. Caja recognizes the malicious code and blocks it. But how do I render it though caja? They don't explain this on their page, they only show how to replace the code. <script type="text/javascript"> document.getElementById('dynamicContent')

How to open a URL link from JavaScript inside a Google Apps Script HTML Google Site Gadget

橙三吉。 提交于 2019-12-08 07:52:03
问题 I have written an HTML (not UI) gadget in Google Apps Script to be embedded in a Google Site. The gadget presents a drop-down with options that contain URL/display name value/text pairs. I want to put a button in the gadget that opens a new window corresponding to the selected URL. But, basically, I get an "Object does not contain an 'open' method" error when I execute window.open(url); Is there a way around this? I can (and have) created gadgets with anchor tags that successfully open other

Can we use Google Chart Tools with Google Script HtmlService

纵饮孤独 提交于 2019-12-04 16:42:39
I would like to use Google Chart Tools in Google Scripts using the HtmlService. But I do not know if caja will allow to inject script to show a chart. My first tests give me blank pages. Does anyone know if it is at least possible ? I know Google Script provides 'Charts' service, but the features are limited compared to what allows Google Chart Tools. Thanks, If you look at the HtmlService documentation under the Caja section, https://developers.google.com/apps-script/html_service#Caja it says that included libraries are sanitized and so far only JQuery is supported. Since Chart Tools depend
订阅 google-caja