I am using a partner javascript on my website.
We are adding it by importing by tag.
I wish to limit the access capabilities of the use of this javascript.
How can I manage it's access to different site location and data?
Edit: Additional info
(note: my question is more security handling):
adding script for example:
<script async src='http://www.somewhere.com/somefunctionality.js'></script>
<script>
func1('param1', 'param2');
func2('param3', 'param4');
</script>
The js script is available in the basic site template, so it will available easily in all the site.(e.g. calling it's functions)
But, I wan't to limit his ability to access some areas/data of the site. or perform any unauthorized actions.
Without moving it.
is it possible?
Thanks,
Js
You can run the external library inside of Google Caja. It's designed exactly for this purpose.
Related
Pardon my ignorance, as my knowledge of JS is very shallow.
I'm currently using UnrealJS to connect to a Google Javascript API. UnrealJS basically runs a V8 instance inside the Unreal 4 engine. Considering that there's no conception of a DOM or HTML really inside UnrealJS, I need to be able to link to the external Google JS API script without the script tag:
<script src="some-external-script-url" />
Is there a way to do this? UnrealJS also supports Node.js - so if there's a way to do it with native Node.js, that would work as well. I'v looked into using require() from Node, but it seems to only be available for local scripts.
Apologies if this question is too vague or hard to understand, I will edit it if need be.
I'm not familiar with UnrealJS, but you've mentioned you can run Node code, and require modules. If that's the case, you can use an HTTP/S request to get the remote code, and then use vm.runInThisContext to inject the script into the current context. A sample code can be found in this answer.
A new client of mine has asked to write a script (javascript) to track specific events to be reported in google analytics. The client is using TYPO3 as CMS.
Now, I know that there are a lot of answers to this question. I just wanted to know if there is any way to add an external script without using Typoscript or entering the "typo admin panel" (is this even the name?), because i do not have access at the moment.
I have more experience in wordpress, so a solution like adding a hook or even a plain script tag in, lets say the typo3 "template.php", "index.php", or whatsoever would be very nice. Does anybody know if that is possible?
No this is not possible. TYPO3 has a clear separation of code, configuration (TypoScript) and templates - unlike Wordpress which is a big mess of everything.
As written by Fabian Thommen, you could try to change one of the templates, but this depends on how the site is setup.
You can always create an admin account in the Install Tool as long as you have file system access to the typo3conf/ folder.
I need to code a webpart which purpose is to asynchronously fetch some documents and display them into an existing page. Unfortunately I have to face a lot of rescritcions and my struggle to find a solution seems useleess so far.
1) I cannot use Microsoft asp.net ajax
2) I must use Jsonp because the called service (page, whatever...) is outside the site's domain. That's not a big problem.
3) I have no possibility to alter the existing page code, so I cannot reference an external library such as JQuery.
4) For the same reason I have no possibility to call my methods on the window.onLoad event, so here the question is: how can I be sure that everything is correctly loaded before triggering my ajax call?
5) Since several instances of the same webpart can be placed into the same page, can there be some possible conflicts among the various js functions?
D'oh
D'oh #2
jQuery is just a wrapper for native JavaScript calls. If you can, get them to waive this restriction because if you're doing anything remotely complex you're going to go insane over browser compatibility.
Use _spBodyOnLoadFunctionNames.push(functionName) to accomplish this.
Depends entirely on the JS coming in. We'd need more clarification.
Can't you just call the 3rd party page using server-side code (e.g., WebClient)? You may have to adjust the site's trust levels for this.
For client-side, I believe you can still "inject" the jQuery code into the markup.
Best way to use Google's hosted jQuery, but fall back to my hosted library on Google fail
<script type="text/javascript">
if (typeof jQuery == 'undefined')
{
document.write(unescape("%3Cscript src='/path/to/your/jquery' type='text/javascript'%3E%3C/script%3E"));
}
</script>
What about using a page viewer web part to display the page that is hosted elsewhere (ie not on your SharePoint server)? That page could retrieve the documents for you.
I am working on a Yahoo! App which requires certain external Javascript Frameworks to be loaded and used. Also in the Yahoo! App Best Practices Guide, it is also mentioned that the sources should be externalized, however, externalization isn't working for me.
I am using the standard procedure to load the external JS file like the following:
<script src="http://www.google.com/js/nxsl.1.js"></script>
But the above statement is giving me an error that external sources are not allowed.
Is there any way to use external JS files as I don't want to include all of my JS Login inline, it doesn't make sense to me and majorly my code won't be re-usable.
Any thoughts ?
Take a look at Yahoo's Get utility. It's part of their YUI library. It enables cross-site loading and is easy to use. You can read about it here:
http://developer.yahoo.com/yui/get/
I'm programming in Javascript and PHP. I've created a simple website that allows to fill in a quizz and get result. Now I would like to give users opportunity to embed this quizz on their website. How to do this? It should work in some near manner like Google Gadgets, Adsense and that: that so when someone will put my html code (with JS?) on their websites, quizz will display and work on their site.
Do you know any tutorials about doing such things or tips for me how to start searching and learning about it?
The easiest way, which is also best performance- and security-wise, is to use <iframe>. Just create small version of your page for embedding.
<script> is loaded synchronously and gets access to site's cookies, so it's not a good solution for embedding.
If you just ask your users to embed <script> in place where they want the gadget to be, you'll be able to generate markup with document.write (easy, works in HTML only).
A better way is to ask users to invoke function from your script that inserts code into selected DOM node (using W3C DOM). This allows smarter webmasters to load script asynchronously. SWFObject is designed like that.
If you need to use PHP you could tell your server to parse a .js file as PHP:
<Files quiz.js>
ForceType application/x-httpd-php
</Files>
In the quiz.js file, use PHP code to retrieve questions from a database or whatever. Then, set mime-type headers to Javascript and output Javascript code.
Though as porneL says, using an iframe is simpler. That's what Google Gadgets does.