Link to external js


#1

Hi,
I’m writing a package in which I’m gonna use gmaps.js.
as seen in the examples it requires the gmaps API to be linked as

<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"></script>

how can I instruct my view to insert the script in the <head> ? is it possible?

cheers
ste


How to add inline script to space pen html
Adding a script to a frame (Atom's CSP)
#2

Are you going to create a view from an html file?
Or do you want to load that file from your view coffeescript file?


#3

Hi Abe,
at the moment I have no html at all. I was just trying to figure out if “inject” that bit was a viable solution. But sure I can load an html if this simplify things in some way. If you have some advice I can follow it will be a great help considering I’m a total noob on View programming

ste


#4

Experiments are going on… with the following line

@script type: 'text/javascript', src: "https://maps.google.com/maps/api/js?sensor=true"

inside the @content of my view I can actually reference external javascript, but the security issue is raised

Refused to load the script 'https://maps.google.com/maps/api/js?sensor=true&_=1405013880853' because it violates the following Content Security Policy directive: "script-src 'self'". 

A quick Google search for the message shows this is fairly common problem when developing Chrome packages, and the workaround there is to relax security requirements a bit from the package manifest.

Is a similar trick achievable in atom.io?

Any other ideas about the original question on how to link to external javascript?

cheers
ste


#5

There is a topic about Content Security Policy errors over here:


#6

Hi leedohm,
I read that discussion before but if I’m correct the accepted solution there solves the problem when using ‘eval’, and doesn’t address my case… am I right?

thank you for the support

ste


#7

To be honest, @cooked, I’m not familiar enough with CSP violations and their current methods of resolution to be certain whether or not the solution there will or will not work for your situation. I just wanted to make sure that you saw it :grinning: It also helps to have similar issues linked together so that when people search for things if they find this topic but were really looking for the solution in the other topic, they can just click through instead of searching again :smile:


#8

I’m reasonably sure, well at least I hope I’m right, that this will never be allowed. The security hole exposed by being able to load arbitrary, external JS is simply too big. There exists no mechanism in the way of a checksum (SHA-2) or similar that would prevent a future update to the external JS. An update that could turn every machine with the installed package into a bot in a botnet, or worse.

I haven’t checked, but I hope the loophole module doesn’t work for these kind of scenarios.
Just bundle the JS library together with your package. Problem solved.


#9

Thank you all,
for the positive support. This is quite encouraging!
@thomasjo the library is google maps one …trying to make it available offline lead to this :frowning:

http://www.dreamincode.net/forums/topic/302616-making-google-maps-script-available-offline/

the code doesn’t seem to be easy to package for what I can see
(also forgetting for a moment we are “forbidden” to package it by the usage license, as I recall)

what you think?


#10

I was worried it might be something like that; yes, Google makes it very hard to bundle up the JS libraries because of their bootstrap shenanigans.

My best suggestion at this point is to avoid Google Maps and use OpenStreetMap instead, together with e.g. OpenLayers

Sorry I can’t be the bearer of good news… I can merely suggest less than ideal workarounds such as this.


#11

thank you all,
thank you @thomasjo,
picking up on your latest post I actually found the solution to my original problem (show maps inside Atom.io).
So, while the topic of the discussion has not been addressed completely, I came up with a viable solution for what I was trying to achieve, using OpenStreetMap (via Leafleat.js, the node package called leaflet-engine) . The solution doesn’t involve linking external javascript as all the code is local, but gives you good looking maps in atom (as you can see here)

hope this helps others

enjoy your day!

cheers
ste