Enter values from a spreadsheet into Javascript form - javascript

I have a lot of data entry ahead of myself and looking to automate it a little. Part of my work involves entering confidential scoring values via a secure Javascript form; the values exist in a Google spreadsheet (think "Good" or "Bad" or "Average" as an example of one of the parameters). I've done it for years manually but trying to see if there's an existing script someone has for this exact purpose. I'm a terrible programmer :(
Thanks to any who may have some advice.

Some more information about the javascript form would be helpful. Is it publicly accessible (ie. could a script even reach it)?
Zapier has some tools that let you sync spreadsheets with other systems without writing code but it depends on your specific system:
https://zapier.com/apps/google-sheets/integrations
Google also has some sample scripts that you can repurpose, but some coding might be required to make them work with your system:
https://github.com/gsuitedevs/apps-script-samples/tree/master/sheets

Related

How to store and make changes to a database within a Chrome Extension?

I'm currently working on a Chrome Extension which searches for specific content within webpages.
Now, my idea is to build a Database based on the correctness of this search result (which would be verified by the users), so it can be more accurate in these searches as the database grows. Kind of like a Machine Learning process I guess.
I'm fairly new to programming and I would like your advice on what are the best possible ways to do this.
Currently I just have JS/HTML/CSS, and it seems to me that I'm gonna need some other language.
A single CSV that the Extension could read/write would be enough for this, I think. Or something with SQL.
Thanks in advance!
You have to compose and post a CRUD command to a web server page (a server you own or you controll)
That page can be written in php, asp.net..
Web server page receive the CRUD command and run the relevant statement on your database via OBCD driver (or other similar driver)
Normally the web server page then responds, as a result of your post, with a message (text, xml, json) that makes you understand if the command has been successfully executed or not.
EDIT 04/30/2021 16:24 Rome Timezone
you say:
which would be verified by the users
what did you mean exactly?
more users together contributes to make the shared database better ?
or every single user contribute by itself to make his own database better ?
if one then my previous answer could be a good start point.
if two, forget my previos answer a think to build a indexedDB within your extension.
Read a csv or txt file through XMLHttpRequest is not a problem, but how do you thing to write the same file with the same tool (XHR) ?
You could think about a Google public spreadsheet.
"Google Sheets" allows you through an "endpoint url" and a set of API to insert new rows\records and to read the entire content of the spreadsheet
or (if I remember correctly) part of its content.
I state that it's now 2 years or maybe more since I got interested in Google Sheets.
Based on the information in my possession, perhaps outdated,
I can tell you that "Google Sheets" it is a path that I DO NOT advise you to follow.
First, because spreadsheet url being public would allow an attacker to pollute your DB by inserting many rows\records
by simply typing a url in the browser's address bar or creating a simple bot that inserts thousands of lines in a while.
Second, because that set of API do not allow you to implement very sophisticated queries (certainly not at the database level).
If you are really interested in Google Sheets I suggest you check what I have just stated.
If you have to "waste" energy to learn something new
I would suggest you to give priority to SQL and then to a server-side programming language (php, asp.net, node.js)
However, a free space hosting service with php and mySQL support is not too difficult to find.

How can I automatically retrieve texts of emails and further scrape them?

My business has hundreds of incoming emails daily and my plan was to have the sorting and answering at least partly automated. I know that using JavaScript it would be possible to select those elements on the webpage (i.e. in my inbox) that are email tabs but, as far as I'm concerned, I can't implement cursor movement and clicking in JavaScript to open up the emails one-by-one and copy-paste their contents into a separate file. I want to collect and analyze the texts from incoming emails, classify them based on topics using a large set of keywords, and, once the grouping is finished, assign sample answers to these messages that only have to be proofread and then can be sent out.
My idea was to use Python because it is quite convenient to move the cursor in Python. However, I can't seem to figure out how can I analyze information that is currently on the screen, so that the program can "see" if there are any new emails. In JavaScript this seemed easier, I don't know if it is even possible using Python though.
I am using Windows.
Am I on the right track? Or totally wrong? Maybe I should consider another programming language? Thank you for your insights in advance.
As far as i understand you need to automate the functionality of collecting information in emails to a separate file for further processing. For this I think you can use Selenium Web automation tool (Python) . It is normally used for web site testing. But can be used in use cases like you mentioned. Hope this helps.
https://selenium-python.readthedocs.io/
https://pypi.org/project/selenium/

Can I limit who can view a .js file while allowing my webpages to view whats contained within?

The question may seem vague, so i'll state what I want to do in my project and how i'm going about it.
I create estimating workbooks in excel that operate like fully executable programs with a GUI using VBA. The workbooks themselves are used to estimate specific projects. For example, I've created workbooks for estimating basement developments, kitchen renovations, bathroom renovations and other residential renovation projects.
The back end sheets contain the formulas for estimating different tasks and trade/material pricing. In the back end of these workbooks is the mark-up and margin values. The great thing about it, is I can lock the access to the sensitive information so that only select few people can view or modify the values. The front end of the workbook allows the estimators that work for the companies I build these for, limited access. It also reduces the amount of errors an estimator can make.
At this point, i'm building a web app using Javascript/jquery to increase my client base. With the excel workbooks, only those using excel can work with the workbooks due to, as I understand, excel being the only program that can run VBA macros.
The Problem:
Due to my limited knowledge of PHP and SQL, I havent set up a database to store and PHP files to retrieve information.
To get around this, I'd like to store all of my global variables in a separate .js sheet, inaccessible from the developer tools on any browser. This way I can hide from my clients competitors and clients the information on profit margins and individual costs of their projects. A separate sheet would also make it easier to update values. I would also like to hide the general structure and framework so that it can't be easily imitated or copied.
Maybe there is another solution to what I'm looking for?
Thanks for your help in advance!
No. If you need some information to show a webpage and don't have any server-side code, the information must be in the user's browser.
On the other hand, I never tried writing or hacking VBA so I don't know how hard that is, but conceptually it simply can't be different: if you compute something on untrusted client's computer, the data used in the computation is not secure.

Can excel fill in certain fields based on variables from a website?

Our ecommerce platform will does not currently create invoices. I have an invoice template that I currently use in excel, so I essentially just copy and paste about 8 points of data from the ecommerce platform to the spreadsheet, then print it out.
Even though the ecommerce platform does not create invoices, that data can be sent anywhere I would like, including a website or email, so I've used it to automatically notify me of certain purchases via email.
What I am wondering is since the variables (eg. user_address) are always the same that are sent from the platform, can that information somehow be sent to an excel spreadsheet (my template), which will then be populated by the appropriate variables, so all that's left to do is print it out?
I'm not really a programmer, so any code snippets you can provide or some idea of whether or not this will take a programmer would be appreciated.
Yes, check out Apache POI, this would let you create something in Java, perhaps a servlet, that would catch the data from your ecommerce app and make a spreadsheet.
Alternatively you could make a Google Spreadsheet and an associated form and write some intermediary script in whatever language you like that will send the right post variables to the Google form from the ecommerce app. I would expect this solution to be much less involved.
I would suggest taking a look at APIs like JExcel, which lets you read/write cells of an Excel file using Java. If you send your data to an Excel file, and then pull it out using this package, you could get the desired results. You may still need a programmer for this method, although there would not be a lot of work involved.

What precautions should I take before I let client add javascript to a webpage?

Question: What precautions should I take when I let clients add custom JS scripts to their pages?
IF you want more details:
I am working on a custom CMS like project for a company, The CMS has number of "groups" that each subscriber "owns" where they do their own thing.
The new requirements is that some groups want to add google analytics to see how they are doing. So I naturally added a column in the table and made code adjustements so if there is some data in that column, I just use the following line in master page to set the script out:
ScriptManager.RegisterClientScriptBlock(Page, typeof(Page), "CustomJs", CustomJs, true);
It works just fine, only, It got me thinking...
It's really easy for someone with good knowledge of how to access cookies etc from from js. Sure, each group is moderated and only super admin can add this javascript, sure, they wouldn't be silly enough to hack their own group. Each group has their own code so its not possible to hack other groups BUT STILL
I am not really comfortable in letting user's add their own javascript codes.
I could monitor each group myself, but the groups are growing really quick and I will hit a time when I will no longer be able to do that.
So, to brief it up: What precautions should I take to avoid any mishaps ?
ps: did try to google, no convincing answers anywhere.
Instead of allowing the users to add their own Javascript files, and given that the only requirement here is for google analytics, why not just let them put their analytics ID into the CMS and if it's present, output the relevant Google Analytics code?
This way you fulfill the users requirement and also avoid the need to protect against malicious scripting.
Letting users use Javascript is in general, a very bad idea. Don't do it unless you have to.
I once I had a problem where I need to let clients use Javascript, but, the clients weren't necessarily trusted, so, I modified cofeescript so that only a small subset was compilable to javascript, and it worked pretty well. This may be waaaay too overkill for you.
You should not let your users access cookies, that's always a pain. Also, no localStorage or webSQL if you're one of the HTML5 people, and, no document.write() because that's another form of eval as JSLint tells you.
And, the problem with letting people have javascript is that even if you believe you have trusted users, someone may get a password, and you don't want that person to get access to all the other accounts in the group.
Automatically recognizing whether some JavaScript code is malicious or sandboxing it is close to impossible. If you don't want to allow hacking your site you are left with only few options:
Don't allow users to add JavaScript at all.
Only allow predefined JavaScript code, e.g. for Google Analytics.
Have all custom JavaScript inspected by a human before it is allowed to display on the site. Never trust scripts loaded from third party sites - these can change from one day to another and turn malicious.
If you have no other choice, you may consider separating path/domain of user javascripts (and cookies).
For example your user have page:
user1.server.com
and you keep user pages at
user1.server.com
So, if you set session cookies to the user1.server.com, it'll render them unobtainable for user scripts from other domains (e.g. user2.server.com).
Another option may be executing all user's javascript at server JS engine (thus controlling all it's I/O and limiting access to browser resources).
There is no simple and easy solution anyway, so better consider using options from other answers (e.g. predifined script API, human inspection).

Categories