google apps script & picker in iframe - html

The problem with displaying google picker in apps script when placing the script in a iframe of another web site. When you call the picker, a white square is displayed.
Not in the frame of another web site, the picker works fine.
HtmlService google apps script
function doGet() {
return HtmlService.createTemplateFromFile('form.html')
.evaluate()
.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);}
https://stackoverflow.com/questions/40842627/embedding-google-apps-script-in-an-iframe#answer-40843413
The picker is based on this documentation -
https://developers.google.com/apps-script/guides/dialogs#file-open_dialogs
I decided to try a demo premium script File Upload Form.
https://ctrlq.org/code/19747-google-forms-upload-files
Will insert the script into the frame, but the result was similar - an empty white square.
https://script.google.com/macros/s/AKfycbxlX3r_dt_ZLZC9TqloaqtdextROJoIH9mUDu3MWOiXtI6ADhqb/exec
Example
http://jsfiddle.net/qqq7df51/
Whether it is possible to solve this problem.

I know that this is an old post, but it was the closest that met the search for the white-blank picker issue when the Google Picker is called from a Google Apps Script web app with the error.
Incorrect origin value. Please set it to - (window.location.protocol + '//' + window.location.host) of the top-most page
The suggestion in the error log didn't work for me, but I found a clue here.
My solution was to set the Picker site origin to the site that my iFrame was in.
For example, if I embedded my web app in 'https://www.example.com' then my picker method would be:
.setOrigin("https://www.example.com")
An example of the full constructor might look like this:
//Builds the picker
const picker = new google.picker.PickerBuilder()
.enableFeature(google.picker.Feature.SUPPORT_TEAM_DRIVES)
.setOAuthToken(config.oauthToken)
.addView(view)
.setDeveloperKey(config.developerKey)
// .setOrigin(google.script.host.origin) // Don't use this.
.setOrigin("https://www.example.com") // Add your base URL here.
.setSize(DIALOG_DIMENSIONS.width,
DIALOG_DIMENSIONS.height)
.setCallback(pickerCallback)
.build()

If you intend to use Web App project as standalone and as embedded version at the same time, the same file picker will require different origin urls. To avoid hard-coding and chaning urls, I just get the right one from ancestorOrigins. It's the last one in array.
var url = window.location.ancestorOrigins[window.location.ancestorOrigins.length-1];
new google.picker.PickerBuilder().setOrigin(url);

As mentioned in Enum XFrameOptionsMode,
Setting XFrameOptionsMode.ALLOWALL will let any site iframe the page, so the developer should implement their own protection against clickjacking.
With this, you may want to check implementation of protection against clickjacking. Try to add the X-Frame-Options HTTP Response header to any page that you want to protect from being clickjacked via framebusting.
For more information, visit Clickjacking Defense Cheat Sheet.

Related

How to open a browser window from the Google Calendar Add-on

I'm trying to open a browser window using a Google Calendar add-on.
I've seen apps doing this, but I can't find any documents to support this option.
The methods found in Google Docs only have options to use the SpreadsheetApp, but this is not available in the calendar.
Any idea how this is achievable?
This is the expected behavior I'm looking for.
Upon clicking "NEW", a browser window should open.
var button = CardService.newTextButton()
.setText("OPEN")
.setTextButtonStyle(CardService.TextButtonStyle.FILLED)
.setOpenLink(CardService.newOpenLink()
.setUrl("https://google.com")
.setOpenAs(CardService.OpenAs.OVERLAY)
.setOnClose(CardService.OnClose.RELOAD_ADD_ON));
This is what I was looking for.
No need to use SpreadsheetApp

How to get the DOM elements of the active page in google app script from add-on

I am currently developing a google calendar add on . And I need to access the DOM of the current active page from the add On
I need to know how to get the DOM element in app script for google add on
Problem
Unfortunately, at the day of this answer there is no functionality in Apps Script to get the DOM of any site.
Workaround
Try using a chrome addon as these might let you get the DOM of sites. Here you can find out more about chrome add ons.
I hope this has helped you. Let me know if you need anything else or if you did not understood something. :)

Google Chrome extension - integrate with Google Calendar

How can a Chrome extension alter the Google Calendar event editing UI?
I see that, for example, the Moxtra extension has managed to inject UI including a button just below the location. According to their YouTube video they added a button to fill out the event description although when I installed Moxtra this no longer seems to work.
Stepping back from this a bit, it occurs to me that editing the Google Calendar page seems like something that could easily get messed up by future changes to Google Calendar. Perhaps it is better to edit the event description from the extension's own UI? If so, how can that be done?
Thanks.
It can be done with content scripts and modification of the DOM.
They probably check Event edit page for specific selectors and try to insert their own elements in the page, if they found it.
So, if UI of Google Calendar will change, extensions like Moxtra will be probably also broken.
You are right about the edit of the description - it's safer. But you still need to get a description field and change a content of it. There is no 100% safe way to do it and don't break on the change of UI.

Pop out Google Picker from IFRAME in Google Sites Apps Script Gadget?

So I made this google apps script to use the google picker on my google sites webpage. The apps script is inserted into the webpage via the google apps script gadget. This all functions as I intended, however, it does not behave the way I'd like it to or expected. Everything is rendered inside the requisite IFRAME. And from what I can find and tried, this has to be the case (please correct me if I'm wrong). This requires me to provide the screen real estate to show the picker even when it's not visible - which is pretty poor design. Does anyone know a way around this? That is, to make the picker modal to or pop out of the IFRAME instead stuck inside it?

"Add to Google Calendar" link working when clicked on tutorial site but not when I use it in my own

I am using this guide to better understand how calendar events can be created with HTTP GET requests for Yahoo and Google Calendars. The "Add to Google" calendar link on that page works perfectly for me (opens my Google calendar with a new event with information populated automatically). When I take the format of the link and add my own information, or even just copy and paste the exact same link into my own application, it stops working correctly. My Google Calendar opens with a new event form, but none of the information is being populated correctly. Here is the link as used in the guide:
http://www.google.com/calendar/event?action=TEMPLATE&text=Joe's+40th+Birthday&details=Joe+turns+40+just+this+once&dates=20111212T190000/20111212T200000&location=Gillette+Stadium
Anyone know why this would just stop working when accessed in any way other than clicking on the link in the guide?
The URL above has several & symbols in it, meaning the Google Calendar page is not getting the parameter names it is expecting. When you remove & and replace them with a plain &, it works as expected. Without seeing your code, I would you suggest you try adding .html_safe to the end of whatever you are using to generate the URL.