i've made a webpage where i used a code that i found on the internet. in this code is a link to an ajax page. I uploaded my html and css to a webserver, now i get a message "this website is trying to load unverified sources". is it possible to copy this code to a file and add this this to my webserver, so the message doesn't appear? thanks in advance.
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
Yes. Just copy jquery.min.js to local folder and update script source to point local JavaScript jquery.
I think this is a security issue.
Try like this:
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
Enjoy.
Related
I got a number of Google Apps Script Web Apps. They all use image files, Materialize.min.css, and materilize.min.js sitting on other servers. I wanted to move all those files under my control onto my google drive. I've been successful with the image files and the materialize.min.css, but for some reason the maerialize.min.js is causing problems.
For the CSS files I used to use
link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css" /
I now use
link rel="stylesheet"
href="https://drive.google.com/uc?export=view&id=1UQ_tm8_bUOXWj1GdzS8JmkehwVf5sW3A" />
And it all works well.
For the JS files: I used to use
<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js"></script> <?!= include("page-js");?>"
I've tried
<script src="https://drive.google.com/uc?export=download&id=1SkfRcC1jQwNLRVEUPgjQHSUkEFdg1BND"></script> <?!= include("page-js");?>"
Also tried export=view
I get the runtime error
userCodeAppPanel:47 Uncaught ReferenceError: M is not defined at HTMLDocument.
So it seems to read the file, but doesn't seem to load the js????
I'm not sure how to fix it.
Any suggestions would be appreciated.
Update:
As noted by chris in this comment, you maybe able to simply change the file extension to a txt or a css file to bypass all security restrictions.
The URL should be of format:
https://drive.google.com/uc?export=download&id=###fileId###
This is because Google Drive recognizes that this is a js file and doesn't allow a direct link, but redirects to a warning page which requires a confirmation by the end user(using a query string confirm=**** as described here). Unfortunately, I don't think it's possible to retrieve this confirmation token client side due to CORB.
Workaround:
Create a simple web app function doGet()
Return data using ContentService
Use the published web app url in script src
I was trying to see the source code of this website so that I could experiment with it.
https://supermedium.com/superframe/components/audioanalyser/examples/volume/
So, using the 'view page source' option (right click), I copy-pasted the code into https://glitch.com/. Unfortunately, it didn't do any of the animation or audio! Could anyone please help? I have a project coming up soon and it would be really helpful. Thank you!
copy-pasting will not work mainly because of these lines:
<head>
...
<script src="../build.js"></script>
<script src="../components/audioanalyser-volume-scale.js"></script>
...
</head>
those are relative paths that won't be pointing to the correct resources. You would need to recreate the folder structure and include those files or rewrite it so it is accessible
I've just finished building my first web app using AngularJS and Firebase for my real time database. When I run it on localhost everything I want it to do is working good for me. However, when I've loaded it up to Firebase Hosting and gone and opened it, the files haven't loaded correctly.
My CSS file is blank and both my app.js and maincontroller.js files have all of my index.html code in them instead of the JavaScript code that should be there.
Here is a link to my app so you can see what I am talking about.
I've been unable to find any answers for what is causing this/what I'm doing wrong. If anyone is able to help it'd be greatly appreciated.
Here's your problem, from the source of index.html:
<script src="projects/web\ design/in.out/public/app.js"></script>
<script src="projects/web\ design/in.out/public/maincontroller.js"></script>
You have local path names in your <script> tags when they need to be relative to the public directory. These should be changed to /app.js and /maincontroller.js respectively.
Ok, sorry for not wording the question correctly, and im not so good with words, but I was wondering, since you can get the scripts in HTML from the web, ex: <script src='something'></script> How do you make it to where you can put in your own src? Again, sorry for not being able to word this good, but if you understand could you please help me out.
Just put the path to the script where is says src. ie: <script src="js/app.js"></script>
The value of the src attribute is just a URL.
Make the server return a resource (for that URL) with an application/javascript content-type and a JavaScript program as the content. This is usually achieved by uploading a text file, with a .js file extension, containing your JavaScript.
I host a website, and I need to hide a script src. For example,
script src="main.js"
would need to be
script src="main.js"
but it would be unclickable. I realize this isn't the most well phrased question, but how can I keep the user from seeing the JavaScript?
You can't present JavaScript to the browser and then hide it from the user; it's just not possible. The best you can do is obfuscate it and make it difficult for the casual observer to decipher, however it won't stop a determined user from de-obfuscating it.
I found a node.js npm plugin that can hide any src="*" & href + content
https://www.npmjs.com/package/location-hide
This works also for php href, src, content it will use everything inside src=""
You need only node.js for creating the exported files. It´s easy to use even if you don´t know node.js. You can watch youtube guides for installing and using node.js
If you create enviroment 1 time you can load cool stuff with npm
It turns
<script src="test/folder/sample.js" type="text/javascript"></script>
<link href="test/stylesheet/perfect-scrollbar.css" rel="stylesheet">
into
<script src="TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR" type="text/javascript"></script>
<link href="gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq" rel="stylesheet">
And it generate new jquery include codes like this to include your scripts with javascript in a external file
$('[src=\'TNANIuTOLZfmLYwaPDIYhcZDVOWKodqYhysaTeQHFPDhYlDLCOtxZqYmkKAhaSwSgbsYOWlpBzVSBtMZKSfwRqvPSqWVlBBuzHR\']').attr("src", "test/folder/sample.js")
$('[href=\'gyXeFnOEvZbgTjLvdZRnsyrfhaXqffkDjcdATTouqpIenCalLRXKamuXEtiKbPGCsNrdQIaqTMTNWsLyLFuxygKytaruWzSjKYMq\']').attr("src", "test/stylesheet/perfect-scrollbar.css")
Also I would suggest you that you include all of your external javascript codes in 1 single js file. This file you place in the root of your index file that you can make this
<script src="./allinone_external_file.js" type="text/javascript"></script>
Then make right htaccess that nobody can acces this file. You can also make a fake import script for the source code that every body can see. But this file is only a redirect for the real external js file. you make this multiple times as example + use other obfuscation tools. This will protect you from people searching exploits with your javascript codes. I know its no big deal and maybe you can see the jquery include codes if you know how. But anyway its a great protection.