How to add a view with script tags?


#1

I’m attempting to make a package that wraps this bootstrap plugin.

I am having trouble inserting the view into the Atom workspace/workspaceView.
The problem arises because I must include scripts in the view, which is not allowed by the Content Security Policy of Atom.

Is there a better way to add to the workspace view and, if not, is there any way to add external scripts to the view?

Functionally, what I want it to do is something like color-picker except it inserts the html tag for the icon you select, but I think that is out of the scope of this problem.


#2

Try adding this as an attribute to your view. I know it works on iFrames.

sandbox:  'allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scripts'

#3

@mark_hahn Thanks for the reply. This would be an attribute at the top level, correct?

If my view was an iFrame it would be like <iframe sandbox="allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scripts"> if I was writing it as markup?


#4

Yes. I have no idea if you can use on anything but an iFrame.

I have a question. Why do you have to inject a script? Why can’t you just run your code in the normal way in node? It has full access to the DOM like any script you inject.


#5

I am trying to include this simple plugin, but it requires access to functions inside certain scripts (linked) in order to behave dynamically.

It appears I need to isolate the entire thing from the rest of Atom or it complains.

I will try it with a sandboxed iFrame as you suggest and report back results.