I'm using a general Google Apps Script function to be able to read, prettify and publish Google Apps Script code and data from a scriptdb. I've recently extended it to publish code from a Gist or from a given web address. The purpose it to be able to include live code snippets in documentation. I have it all working fine for most use cases, including for html and other server based files.
However, php files get executed rather (than returned as text/html) when accessed with urlFetch(). I know it's along shot, but does anyone know of any header options, or indeed any other technique, I can use to generally override this?
What you are asking for would be a major security problem. It is not possible to ask for the php-code instead of the result of the php script execution. Well, not exactly - it is up to the Server hosting that php script what it does with it. If there was no php extension installed on the server it would return the php code or the file as whole.
But to help with your request:
You should ask the server administrator / website owner if the code is available somewhere and if so what the url is. I believe there is a php extension that allows files to be looked at with colors, text indent and everything - but i think it is disabled by default (or you need to rename your php file to something else)
Related
I hope someone has some insight into this issue. I'm trying to execute script in google sheets. The script runs fine when manually executed. We need to use service account for this purpose. API executable was published, I have .p12 file for authentication, there is only 1 function to run and we're getting the 404. I'm using some c# code from DEVs site and that should work as per the article. Has anybody else run into this? Is there an example that shows how to do it correctly? This is what i've based my code on, to no avail... https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth
Thanks for any ideas!
Edit: Thanks Ares - my specific problem is that while following devs example code, I can't execute google script and receive the before mentioned 404 error.
You cannot use C# in GAS. Google Apps Script is based on Javascript. The link you provided shows how to code an example in .NET, which is neither GAS or C#, so I'm confused at why you would follow that example at all.
Regardless, any code that can be used in a Google Script site will say that it is for a .gs or an HTML file.
Remember that Google has many API's that work across multiple languages. GAS is what they want to push, but not every guide they make is aimed at GAS.
I assume the 404 is from using unreadable code.
I have a proprietary scientific algorithm in C and it has been compiled.
I want a 3rd party website(s) to able to run it from their web sites - can I put the executable on Google/One/Drive, Dropbox or another drive ... or what environment does it have to be in so that it can be run?
I really do not want anyone to download the executable
It supposed to be for a specific partner to utilize
For my program, the input has to come from my partner's site. What do I do to get the input from his website?
You need a server which you have permissions to run executables.
The beginning of the solution will be to install a server with a we server application like Apache.
Then to enable some server side scripting language like php or cgi.
Write an html/php page that calls that c program you wrote and return a response in some parsable form like JSON or XML.
The web page will be invoked with data from the other website, like query parameters, post payload etc.
This is not a simple or quick solution.
If this code can be migrated to javascript , then it will be much easier, but you will have to share your source code.
I really like the look of jsPDF but I can't seem to find any documentation for server side usage. The page here seems to suggest that this is possible, but the link for an example is broken or no longer exists. I would really like to use this library in a Google Apps Script project if possible.
The new home for jsPDF is here. Note that the "Server-side will work anywhere" promise is no longer presented. Chances are that it would work on Node.js, for example, but since Apps-Script is an incomplete javascript implementation it might not work there.
You can generate PDF files from within Apps-Script already. If the subject document is in Google Drive, then you can use getAs("application/pdf") to request the document as a PDF. (If it's not a Google Drive document, then first turn it into one.) Read over 4 ways to do Mail Merge using Google Apps Script, method 3, for an example.
I would like to make a copy of a Google Spreadsheet file between users that are not on the same domain. The source file has a sharing setting of Anyone with the link can edit.
I created a Web App (with execution permissions set to User accessing the web app) that call an install function:
I was hoping the code would read the source file which is open to everybody and make a local copy to the Google Drive of the user running the Web App (of course assuming the user accept to run the script). The behavior works when it's me running it (because I am the owner of the source) but do not work if the user is from another domain.
Any suggestions on how to achieve this?
function doInstall() {
// The source file is readable by everybody with the link;
var file = DocsList.getFileById('0AlVPTKz1xoevdHc1ZTQ2OGFMXXXXXXXYYYYZZZZ');
file.makeCopy('Test Copy Spreadsheet');
}
I had a different but similar use case and problem. Like you, my source file was accessible to anyone with the link and my domain settings allowed users to share content outside my domain. It worked for me but not for them.
This might work for you, it has for me (so far):
Assuming you have your original script...
Create a separate script for 'Script as web app'.
Write a function (e.g. loadFileIds()) to store the necessary fileIds using ScriptDb. Run the loadFileIds() function.
Write another function (e.g. getFileId()) in the same project that returns your desired file Id from ScriptDb.getMyDb when called. Avoid using DocsList in this function. I originally thought that because getFileId() would 'run as me' that it would be OK but it was always the DocsList line that caused failures when other users triggered the script.
In File > Manage Versions: Save a version of the project.
Under Publish: Deploy that version of your project as a web app. Choose Execute the app as "me(me#mydomain.com)" and set Who has access to the web app to "Anyone".
In your original project go to Manage Resources and enter the Project Key of the web app, choose a version and copy the identifier.
Write a function that calls yourIdentifier.getFileId() and - hopefully - returns the fileId.
In my experience so far external users have been able to access files that they could not when DocsList methods returned null. But there is one more thing to add... You might find you have to share your web app script with your users. I haven't quite made certain that's necessary but I've encountered bugs when I don't. I untick the option to email them the link.
I learned how to do this from examples in the documentation, this video and of course StackOverflow.
As you can see, I'm still working this out myself and testing of the system has so far been just me simulating other users. So no promises. Good luck! I'll star your issue.
Recently, i have made a chrome ext, but anyone can read its source code by rename the crx to zip and extract it, how i secure my SC ?
The only way to prevent anyone with your extension from seeing the logic is to move it out of the extension that runs on a user computer and into a web service that the extension accesses.
Since this will slow down the works quite a bit, you should only do this for the really valuable parts of your code.
The best (and only?) way would be to obfuscate your JavaScript.
edit: Chrome Webstore does not allow you to obfuscate your JavaScript code. You can read it in the Chrome Webstore program policies
Code Readability Requirements:
Developers must not obfuscate code or conceal functionality of their
extension. This also applies to any external code or resource fetched by the
extension package. Minification is allowed, including the following forms:
Removal of whitespace, newlines, code comments, and block delimiters
Shortening of variable and function names
Collapsing files together
You can use Google Firebase API and related other storage services for write secure/safe business logic, because your google extension code is always open to show for every one....
:::: Example for your more help ::::
key-value from extension JS code ----- Transfer to Server ----> Firebase API perform your logics ---- send back to ----> extension JS code
FireBase is Free and light weight and perfect for business logic