I'm building a community driven website off of Google sites (I know this is a bad choice, I don't have a choice in the matter) and the majority of the functionality is build into Google Apps Scripts (to read/write to an external database and handle how data is displayed). Amid various issues, I've found one that consistently confuses me.
I typically structure my GAS projects into Javascript, HTML, and CSS (Code.gs, HTML.html, and CSS.html). I leverage jQuery for quite a few things (e.g., click handlers, form submission, etc). However, it seems that my jQuery and my Javascript can't exist in the same "world", here meaning in the same .gs file, or the same script tags if it's going in the HTML file. In fact, I can't call any jQuery functions from my .gs file! Can someone explain why this is, please? It seems like the problem is that the jQuery library isn't included, but I can't find a way to include anything in Javascript (think #include from C). And since this is web programming, which is pretty different from "normal" programming, I think that part of my problem understanding this comes from here. And working inside a framework (GAS) doesn't help.
Much obliged, thank you.
HTML Service supports JQuery because the code is executed in your Browser, so the library is loaded in your browser too (after CAJA sanitization) but the code in the .gs file is executed on Google's server and you can't obviously load anything on Google's server !
In one word : there is no way to use JQuery or any other external library in Google Apps Script files other than .html files used in HTML Service.
In the project configuration you're describing, which matches the examples from the HtmlService Best Practices, all your GS code runs server-side, while the regular javascript and jQuery run client-side, in the user's browser. If you've got GS in your HTML files, then I expect you're using templated HTML, which in turn means that the GS is evaluated server-side to produce the final HTML that gets served to the client. (Take a look at the HTML source once the page is served up... no GAS in there.)
So it's those different operating contexts that keep your GAS & jQuery elements from interacting directly. From the client, you can use google.script.run for instance, to call server-side functions and pass parameters to them, and you can also set up call-backs to receive asynchronous "returns" from your GS code.
Given the reliance on DOM elements, I am not sure what use there would be in having jQuery in server-side Apps Script, but this blog entry from #EricKoleda provides an example of porting an open source javascript library to Google Apps Script. (Maybe you'll find his copy of the Underscore Library to be all you need!)
Related
Hello guys,
I want to be able to access informations stored in chrome.storage.sync from an inline script within a web page, injected by my extension.
When trying to use chrome.storage.sync, sync can't be called from "undefined". In the same way, I couldn't call chrome.runtime.sendMessage. This answer taught me I can't access Chrome APIs from an injected script.
I found out that I could eventually call sendMessage using this technique : https://developer.chrome.com/extensions/messaging#external-webpage and then I could return the wanted data in the callback.
But I wanted to know, is there a better way to do this ? Accessing chrome.storage data from the injected script ? The fact that I need to use my extension's as an argument is really not great...
Thanks !
Since your injected script is essentially the same as the page's own code from a security perspective, there's no way to make this task easy.
externally_connectable that you found is one of the ways to do it.
The other way is to talk with the content script itself. You can do so with custom events or window.postMessage.
I've always thought that when you create a Web App with GAS (using Html Service), the codes you write in Code.gs and HTML file(s) are both client-side codes.
But from this Html Service: Communicate with server functions guide, it seems to imply that the codes in Code.gs is "server-side" and the codes in index.html is "client side".
The guide states that "the function deepSecret_() is completely invisible to the client." If that is the case, the client-side codes is only the index.html file right? So I am actually writing both server and client codes when creating Web App?
I guess what confuses me is that I am under the assumption that when creating Web App with GAS I am just writing "client-side" code.
If you read through the docs it becomes apparent that code.gs is code running on Google's servers. It's not completely spelled out other than a few places where it states "in the cloud."
The basic idea is that your code.gs uses either the Html Service or the UI Service. In the case of the Html Service, the script runs server side to serve html to the user's browser. It also defines functions that are run on the server.
The html sent to the user can contain javascript calls that use Google's client library to provide linkage back to the server defined method. In the example you posted, It is running the getBankBalance() method on the server and then the user's browser will run the callback function onSuccess() if the call to the server successfully returns.
I really like the look of jsPDF but I can't seem to find any documentation for server side usage. The page here seems to suggest that this is possible, but the link for an example is broken or no longer exists. I would really like to use this library in a Google Apps Script project if possible.
The new home for jsPDF is here. Note that the "Server-side will work anywhere" promise is no longer presented. Chances are that it would work on Node.js, for example, but since Apps-Script is an incomplete javascript implementation it might not work there.
You can generate PDF files from within Apps-Script already. If the subject document is in Google Drive, then you can use getAs("application/pdf") to request the document as a PDF. (If it's not a Google Drive document, then first turn it into one.) Read over 4 ways to do Mail Merge using Google Apps Script, method 3, for an example.
I'm using a general Google Apps Script function to be able to read, prettify and publish Google Apps Script code and data from a scriptdb. I've recently extended it to publish code from a Gist or from a given web address. The purpose it to be able to include live code snippets in documentation. I have it all working fine for most use cases, including for html and other server based files.
However, php files get executed rather (than returned as text/html) when accessed with urlFetch(). I know it's along shot, but does anyone know of any header options, or indeed any other technique, I can use to generally override this?
What you are asking for would be a major security problem. It is not possible to ask for the php-code instead of the result of the php script execution. Well, not exactly - it is up to the Server hosting that php script what it does with it. If there was no php extension installed on the server it would return the php code or the file as whole.
But to help with your request:
You should ask the server administrator / website owner if the code is available somewhere and if so what the url is. I believe there is a php extension that allows files to be looked at with colors, text indent and everything - but i think it is disabled by default (or you need to rename your php file to something else)
Recently, i have made a chrome ext, but anyone can read its source code by rename the crx to zip and extract it, how i secure my SC ?
The only way to prevent anyone with your extension from seeing the logic is to move it out of the extension that runs on a user computer and into a web service that the extension accesses.
Since this will slow down the works quite a bit, you should only do this for the really valuable parts of your code.
The best (and only?) way would be to obfuscate your JavaScript.
edit: Chrome Webstore does not allow you to obfuscate your JavaScript code. You can read it in the Chrome Webstore program policies
Code Readability Requirements:
Developers must not obfuscate code or conceal functionality of their
extension. This also applies to any external code or resource fetched by the
extension package. Minification is allowed, including the following forms:
Removal of whitespace, newlines, code comments, and block delimiters
Shortening of variable and function names
Collapsing files together
You can use Google Firebase API and related other storage services for write secure/safe business logic, because your google extension code is always open to show for every one....
:::: Example for your more help ::::
key-value from extension JS code ----- Transfer to Server ----> Firebase API perform your logics ---- send back to ----> extension JS code
FireBase is Free and light weight and perfect for business logic