I'm trying to find how where and how to upload my scripts where I can source them as an external script.
I can't seem to find any question like this or maybe I'm not good enough in searching
But anyway, my situation is, I need to upload script online, a basic document.write to save space.
It cannot be a file on the same folder of storage as my pages because it's for work, and pages should be shareable to people as a standalone file so they don't have to extract it anymore.
Now I have tried to upload it online on different types of cloud or host, but I can't source it, because of security purposes I think?
Or maybe the source tag I should use must be different if it's online?
is it not <script type="text/javascript" src="https://abc.blabla.com/files/includes/html/page-links.js"></script>
Please please help. The main goal I have here is to upload my scripts online, and be able to source it as an external script on my "static and local website"
Thank you,
Renz
You probably are getting into to issues in most browsers when trying to load javascript from one domain (your-website.com) to another (localhost).
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
You can try loading your browser with CORS disabled (Chrome):
Disable same origin policy in Chrome
Or with a plugin such as these:
https://chrome.google.com/webstore/search/cors
You can do static hosting in firebase. once you host the files there then you can use the file link in script tag.
<script src="https://test.firebaseapp.com/file.js" ></script>
Related
I've created a website that uses 'http://code.jquery.com/jquery-latest.js' for some javascript animations. I've hosted my website on AWS S3, but it seems like the animations aren't working. I believe it has something to do with CORS and allowing it use the jquery link, but I may be wrong. Any advice? Sorry if I'm not using the terms correctly, am just learning all of this. Please let me know if theres more information required to answer, I'll gladly update the question with it.
I have this statement at the end of my html code.
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
<script src="assets/js/nav-main.js"></script>
Maybe your AWS S3 doesn't have access/permission to every link/Web from server, due to which jquery is not loaded. Download jquery file Download jquery and try using this downloaded file in code.
I don't know too much about web security but I found a piece of code in a javascript file of mine yesterday that would not have been added by me or anyone else with access to my website.
Nothing bad seems to have been happening on the site so I wouldn't have worried that much except that I have been consistently told by Google Adwords that I have malware on my website. Every time I ask them to investigate however, neither they nor google search console can find anything.
The piece of code in question was this something like this:
<script type="text/javascript" src="http://synchronize.exsads.com/click.js">
The only reason I found it was because it gave me an error in the dev console because the file wasn't able to be loaded.
I have no idea how the code got there. I've been trying to read up on code injections and XSS attacks but i don't really understand it and it seems like that has more to do with sending malicious code back to a server instead of actually changing the code within files. (please correct me if I'm wrong)
Is there a specific security vulnerability that would allow someone to access the code on my website, and if so, what steps do I have to take to prevent that? (Details or easy to understand resources please, much appreciated!)
That JS insert ads on your site.
Search manually for a extrange PHP file (i'll asume php), they generate extra HTML and insert some ads on your site.
EDIT
Ok, it's not a CMS. Change your FTP password and access to CPanel or PLESK.
Follow this steps: enter over FTP to the files on your hosting, look for a obvious with a extrange name .php file or .js, that file is the corrupted one.
Other solution: download all site over FTP and scan with a good antivirus.
Is there any way to add slide share like PDF viewer to the web site?
Only users can be able to view document... print or download can't be done.I tried several JavaScript plugins for doing that but unable to find one that has no print and downloadable options. And also client can disable JavaScript in browser therefore I think of that suitable server side script.
I also unable to find a server side script (PHP) for this. Please suggest.
Just keep the file outside the web root directory because the web browser follows the local file system privileges and not its own. Put them into a directory with a .htaccess file that blocks all communication.
Ex: Order deny,allow
deny from all
I don't know how much it will gonna help you.
Here is the problem. The company I work for has a number of sites, and many of them use the same jQuery UI widgets, like datepicker. I would really like to have just one copy of each widget in an _javascript folder on the top level of the server. The problem is that because the code is outside of the site folder, I need to use ColdFusion mappings to point to it. Apparently you can't use these with script or link tags however. It doesn't expand the mapping. So I tried using "ExpandPath" and got a message that it doesn't have permission to access that resource. Some research turned up that JavaScript can't access files on local file systems because that would be a security hole. So, although it was ugly, I tried wrapping the CSS file in tags and the JS file in tags, and then included them with cfinclude. That worked- sort of. The main issue is that apparently the css uses relative links to link to the images used, and those are all broken because the JS is included on a page in another folder from the script and images themselves.
Here is my question. Is there any good solution here? I don't think that what I want to do is unreasonable, but should I give up and just keep a copy of the widgets in every site folder? Thanks in advance for any help.
Included javascript files, like CSS files, don't have to be touched at all by the ColdFusion processor. You just use ColdFusion to craft the link and feed it to the browser like you would any image, attachment, or link to another site. The only difference is that this link is in a <script tag. So if you have several sites and want to access a common /js directory on all of them the work has to be done in the web server itself (IIS/Apache).
In your web server of choice make a virtual directory (or symbolic link) to your javascript directory called /js (or whatever name you choose). Do this for all the sites, and you have one /js directory that is accessible from all the hosted domains.
My situation is that all our ColdFusion work is intranet only. While we only have a few sites, that is more than one. We also use a development server as opposed to having people develop on their hard drives.
The first thing we did was to create a mapping on "/" to point to a certain directory. Let's say that it's c:\fred. In c:\fred we have subdirectories named images, css, js, udf, etc. That allows us to do stuff like this:
<cfinclude template = "/Templates/Reportheader.cfm">
<link rel= "stylesheet" type= "text/css" href= "/css/cashflow.css" title= "style1">
<script type="text/javascript" src="/JS/browserDetect.js" ></script>
in any application.
I'm trying to load information from a .xml file (located in a .kmz archive) into the description of a placemark using javascript. The goal is to display the information from the .xml file in an html table in the description. I've gotten everything working, with the exception that I can't seem to access the .xml file from the .kml file. I'm trying to use an XMLHttpRequest() to load the file from the .kmz. It works just fine as an html file, but when i put the html/javascript into a description tag of the .kml, nothing loads at all.
Does anyone know if this is even possible to do? If so, how? If not, any other suggestions?
Thanks in advance for the help!
Is this using the Google Earth API? If so, note that script tags, amongst others, are stripped out by default. You can work around this if needed as described at https://developers.google.com/earth/documentation/balloons#getballoonhtmlunsafe
If this is KML being loaded into the Google Earth client, javascript is allowed (with the exception of things like alerts which bring up a browser dialog).
However it's quite possible, for example if you are loading a separate KMZ in your XHR request, amongst a variety of other reasons, that you're getting a cross domain error (basically because you'll be loading a local file with file:// versus http://). To test this, I would recommend hosting the XML on a server somewhere, and trying to see if that works.
If so, but it does not work locally, please paste a link to your KMZ, or at least paste your main KML within the KMZ, and the associated file structure within the KMZ.