how to jump to another page in Google Apps Script site - javascript

I would like to give a page transition.
In web server (Google side), I prepare an html file like this,
<!DOCTYPE html>
<html>
<head>
<base target="_top">
<h1>Moving</h1>
</head>
<body>
link
<script> window.location.href='https://google.com'</script>
</body>
</html>
Note that using the link link, I can jump to the google page (google.com).
However I got a console message like below and cannot jump automatically with Javascript...
Refused to display 'https://google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I think this is a limitation in Google Apps Script..
Is there anyway to let users jump without clicking the link?

You were able to do it with window.top.location.href.
However, it seems it has been just blocked by Chrome CORS since this month.

Related

Block javascript disabled users from wordpress site

I am having a huge problem. I need to prevent access to non javascript users for a page on my website. I am not very technical when it comes to websites, hmtl or java ect. But I have a page that i would like non javascript users to not be able to access. I have tried lots of code from here in my header and footer such as
<noscript>
<meta http-equiv="refresh" content="0; URL=nojs/index.php">
</noscript>
but it does not work.
To put this into more detail my problem is that a host a webpage with a list of download links. There is an app (web browser) for amazon devices (android) that accesses webpages and allows you to download but it comes with javascript disabled by default.
This means that my Ads dont show and i am now getting 40TB a month bandwidth usage from people using this software which means i may have to pull the site soon as it costs more to run than the ads give back.
I think i need to either block non javascript users. Or is there a way i can make my links on that page in javascript so that none javascript users cant see or use them?
In an ideal world i would just like to display a message saying please enable javascript in settings but i have tried many header codes with no success. Any help here greatly appreciated
I tried using the meta tag inside the noscript tags like you did, and it worked fine for me. Try using an absolute link to your nojs page instead of the relative one you have. I don't know of a way to completely block nonjs users. Another option would be to use the noscript tags to hide the content of your html pages when js is disabled. This won't completely disable nonjs users from seeing your pages since if they are tech-savy they could use inspect-element to unhide the page content, but for the most part it should do a good job of preventing nonjs users from viewing your page. You can also include a no script alert. For example:
<!DOCTYPE html>
<html>
<head>
<title>
</title>
<noscript>
<style>
div.content {
display: none;
}
</style>
</noscript>
</head>
<body>
<noscript>
Please enable Javascript to view this Page
</noscript>
<div class=content>
Page Content Here
</div>
</body>
</html>

Code working in Dreamweaver cs6 but not in chrome/firefox.?

This code is working in Dreamweaver default browser but not in chrome or firefox. It shows only blank page , without showing google.com. Don't know why! May be the problem is with iFrame. But I have to show something other page in my page. Is there any workaround??
<!DOCTYPE html>
<html>
<head>
<title>booo yeah</title>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js" ></script>
<script type="text/javascript">
$(document).ready(function() {
var height = $(window).height();
var width = $(window).width();
$('iframe').width(width);
$('iframe').height(height);
});
</script>
</head>
<body>
<iframe src="http://www.google.com" frameBorder="0"></iframe>
</body>
</html>
Screenshot:http://goo.gl/jTpB2g
On back there is dreamweaver with left side code and right side its default browser showing the working code. In front, there is chrome in which nothing is showing
The website you are trying to display has security that prevents it from being used in iframe. for example <iframe src="http://www.w3schools.com"></iframe> works fine. The problem is not with your browser.
Open you console panel and you can see an error message says:
Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Google search returns an X-Frame-Options header with SAMEORIGIN, that meas this page can only be displayed in a frame on the same origin as the page itself.
See more from X-Frame-Options
Solutions:
If you have access to the site, try set X-Frame-Options to ALLOWALL or simply remove this from http response.
If you are stuck at google, try use Google Custom Search instead, replace your url with this http://www.google.com/custom, which sends 'X-Frame-Options: ALLOWALL ' which allows you to embed this site in your IFRAME.
It's probably not displaying for security reasons.
Same Origin Policy
The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from another origin. This policy dates all the way back to Netscape Navigator 2.0.
Some websites do allow it but Google doesn't. Strange that it's ok with Dreamweaver doing it.
There are ways you can circumvent it (I can't say they'll be suitable for your problem though).
Ways to circumvent the same-origin policy
As ajtrichards said, Google has restrictions due to Same Origin Policy.
Just try another domain you will see that your code works
jsbin.com/UJeHaqe/1/edit

Disable flash on our website and in iframe

How can I disable flash from running in an iframe on my site?
We have a website where we give the user the option to view their site in an iframe on a makeshift mobile simulator. We wanted the user to see that their website doesn't look so great, but this doesn't work as intended for many reasons. I doesn't take into account meta-view port settings etc, but I'll figure that out later. The other problem is the flash works and don't want it to, so that they see that it wont run on iOS.
With the new HTML5 iframe sandbox attribute you can disable all plugins (including flash) in supported browswers by including the sandbox attribute. For example:
<!DOCTYPE html>
<html>
<head>
<style>iframe{height:9000px; width:100%;}</style>
</head>
<body>
<iframe sandbox="allow-scripts" src="http://www.adobe.com/software/flash/about/"/>
</body>
</html>
Will not display the flash animation, or version information. But the same code without the sandbox will:
<!DOCTYPE html>
<html>
<head>
<style>iframe{height:9000px; width:100%;}</style>
</head>
<body>
<iframe src="http://www.adobe.com/software/flash/about/"/>
</body>
</html>
Update - please see Rick's answer
The current HTML5 way is to use sandbox="allow-scripts" - this is explained in Rick's answer.
You can't control iframes on another domain from your site.
You can't run any scripts on them to remove/alter flash because of the same origin policy.
It's a security issue - imagine you could include and manipulate iframes. I could include an iframe containing http://nouveaus-bank.com and simulate events entering amounts and transferring money to my account in it.
There was an "allow-plugins" proposal for iframe sandboxing but it was rejected.
Your only option would be using a proxy on your site and putting it on your domain instead, or manipulating it on the server-side. If you can ask clients to include a code snippet on their side you can do a .postMessage and intercept it on the iframe asking it to remove the flash.

Use an iFrame without session or cookie data (incognito)

If you use an iFrame element in an HTML document, the child page will load with all of the session and cookie data from the browser.
For example:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Stack Overflow in an iFrame</title>
</head>
<body>
<h1>Stack Overflow in an iFrame</h1>
<iframe src="http://stackoverflow.com" width="640" height="480" />
</body>
</html>
Ignore for a moment that SO doesn't actually allow itself to be loaded in an iFrame. If it did, the SO page loaded by the iFrame would show you as signed in.
How can I use an iFrame without any cookies or session data? (like incognito mode in Chrome)
Why?
My company sells a product (web-app) for people to build customized websites with. When they are authenticated, and they visit their website, we show them the auth'ed version of the UI so that they can edit the content. Un-auth'ed users only see the static website. Using multiple browsers or clearing cookies is not a reasonable expectation of our users so we want to show a preview of their site to them in an iFrame so they can see what their visitors would see. We also want to show "mobile" previews of the site with smaller resolution iFrames so that they may see what their visitors would see if they came to the website on a phone. These iFrame(s) need to be loaded without access to the browser's cookies or session data so that they load in un-auth'ed mode, just like Chrome does in incognito mode.
I haven't tried anything yet because I don't know where to start. I did find out that HTML5 added some sandbox attribute values to the iFrame element, but none of them seem to help with this problem. Maybe something could be done with JavaScript, we do already use jQuery in our project.
Note: We aim to only use valid HTML5
If you fully control the webstack wouldn't it be easier to add a preview parameter that treats the user as unauthenticated?
For instance:
<iframe src="http://stackoverflow.com?preview=1" width="640" height="480" />
Followed by bypassing your authorization checks if the preview flag exists.

Add a google gadget to webpage

I'd like to add a google calendar gadget to a webpage.
This page shows the gadget
http://www.google.com/ig/directory?synd=open&url=http://www.google.com/ig/modules/calendar3.xml
The linked page includes code to paste into a webpage
http://www.gmodules.com/ig/creator?synd=open&url=http%3A%2F%2Fwww.google.com%2Fig%2Fmodules%2Fcalendar3.xml&lang=en
I tried creating a simple page:
<!DOCTYPE html>
<html>
<head>
<title>Calendar</title>
</head>
<body>
*<script src="//www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/calendar3.xml&up_calendarFeeds=&up_calendarColors=&up_showDatepicker=1&up_showEmptyDays=0&up_showExpiredEvents=1&synd=open&w=320&h=447&title=Google_Calendar&lang=en&country=ALL&border=%23ffffff%7C3px%2C1px+solid+%23999999&output=js"></script>*
</body>
</html>
but the resulting page does not display a calendar, just '**'. I'm storing this page in a local file (not on a server) and opening in a browser.
Any suggestions, including another way to get the same functionality?
The information on this page leads to a solution:
https://support.google.com/calendar/answer/41207?hl=en

Categories

Resources