I had this Google floodlight code on a secure page in one of the websites I maintain. This content is inside and iframe which in turn is inside :
<script type="text/javascript">
document.write ('<IFRAME src="https://fls.doubleclick.net/activityi;src=XXXXX;type=12312;cat=084;qty=1;cost=$iTotal;?" width="1" height="1" frameborder="1" style="display:none"
</IFRAME>')
</script>
recently IE issued a message stating the page has insecure content. Inspecting the page with fiddler I can see that now the Google server that receives the floodlights also sends back a javascript library:
"http://www.googleadservices.com/pagead/conversion.js"
which is causing the insecure content message.
Has this happened to you too? Any idea how to fix it?
I found a tag I didn't knew on doubleclick:
<img src="https://gan.doubleclick.net/gan_conversion?advid=K123456&oid=12345&amt=123.45" width=1 height=1>
but It's not very clear if it does the same thing.
Ideas?
In the corrosponding Google Floodlight activity, you'll want to check the box that says "Secure Servers Only (https)".
Related
I am trying to show the stream from an external site. That site has too many pop-up ads, and I am trying to block pop-up using the sandbox attribute. But it is showing
Remove sandbox attributes on the iframe tag
How can I solve it?
removing the sandbox fixes the issue, but there are a lot of pop-ups.
Here is the code I am using.
<iframe allowfullscreen="true"
referrerpolicy="same-origin"
sandbox="allow-form allow-pointer-lock allow-same-origin allow-scripts"
frameborder="0" height="540" scrolling="no" src="https://somesrc.com/11.php"
width="780"
>
I've got a website currently running.
I would like for ONLY mobile users to be able to use the website.
So anyone who is on a desktop, it will show a 404 error or such.
How can I go about doing this?
Would user-agents be the proper way to go about doing this?
Thanks,
Yes detect the uger agents and redirect to an error page or welcome page from a filter on your server.
I did this using screen size:
<script type="text/javascript">
<!--
if (screen.width => 699) {
document.location = "Yoursite/404";
}
</script>
I want to run a content script on an iframe with a chrome-extension:// URL. I added a line to my manifest.json that I copied out of the documentation http://code.google.com/chrome/extensions/match_patterns.html
chrome-extension://*/*
But when I reload my extension I get an alert:
Could not load extension from '/work/sirius/extension'.
Invalid value for 'content_scripts[2].matches[0]': Invalid scheme.
Any idea how to get this to worK?
No. Only ftp:, file:, http: and https: can be matched by a content script declaration.
Invalid URL patterns at any of the matches and exclude_matches fields are rejected (generating an error when trying to load the extension).
Invalid patterns at the permissions option in the manifest file are ignored.
If you want to run a script on a tab from your extension, use chrome.extension.getViews in your background script.
Even better, design your extension's pages such that they effectively communicate with each other (example).
I'm having the exact same problem, look at the API http://code.google.com/chrome/extensions/match_patterns.html it says clearly that they accept chrome-extension://*/* yet they don't.
They need to update the API so as not to confuse people.
It seems that Chrome authors have silently removed the ability for content scripts to be injected into chrome-extension: pages. Documentation still says that it works and even contains examples with chrome-extension: scheme but actually it doesn't work. So now only http:, https: and ftp: work "from the box" and file: can work if user of your extension has enabled this on Extensions (chrome://extensions/) page.
Update: now documentation referred above is updated and says nothing about ability to inject content scripts to chrome-extension: pages.
You can inject js to your iframe html(chrome-extension: pages) without declaring it in manifast.json. The injected js can visit Chrome APIs directly.
iframe.html:
<!DOCTYPE html>
<html>
<head>
...
</head>
<body>
...
</body>
<script src="iframe.js"></script>
</html>
iframe.js:
console.log(chrome); // {loadTimes: ƒ, csi: ƒ, …}
I created a simple slideshow script to include on a Google Site for Google+ albums (it uses a library found at: https://sites.google.com/site/scriptsexamples/new-connectors-to-google-services/picasa-services). The test version worked except for the fact that if publish for anonymous access, it displays that aweful "This application was not created by Google" nonsense at the top. As this is a slideshow, I tried finding a way to avoid this. Thus I decided to try my hand at a Gadget. I opted to use Google Gadget Editor and combed through the internet to see how to do this (I am a complete noob with regards to gadgets, so excuse my ignorance...)
In the end I came up with this: http://hosting.gmodules.com/ig/gadgets/file/117039901033759910299/google-plus-slider.xml
Once I insert the gadget, I do not get any error messages and the frame does display on my google site (without the warning message, as far as I can tell), but nothing else happens. And I have no idea why.
Some notes:
the javascript works when it is a google apps script, published and then inserted in my site (but the warning message is ugly)
I have no idea whether it is even possible to call typical GAS calls such as Ui.App in XML gadget - if not, then I will have to learn, but don't know where.
Obviously the library that I am using needs to be loaded - I researched as much as I could but cannot find any way to load the library. The only option I could find was to include specific predefined libraries with the Required tag.
I hope you have all the info and that someone can help! Thanks in advance.
Do you get any Cross-Domain warnings in your console?
I would try and include the external library in your gadget-name.xml file. You're free to include (mostly) whatever JS you like under
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
<ModulePrefs
title="Slider"
height="50"
width="200"
border="none"
/>
<Content type="html">
<![CDATA[
<script type="text/javascript">
function my-slide-show(){
//Dump your lib JS here
}
</script>
<div class="slideshowHtml"></div>
]]>
</Content>
</Module>
This will at least avoid any scoping / Cross origin worries you might be having
I want to run a content script on an iframe with a chrome-extension:// URL. I added a line to my manifest.json that I copied out of the documentation http://code.google.com/chrome/extensions/match_patterns.html
chrome-extension://*/*
But when I reload my extension I get an alert:
Could not load extension from '/work/sirius/extension'.
Invalid value for 'content_scripts[2].matches[0]': Invalid scheme.
Any idea how to get this to worK?
No. Only ftp:, file:, http: and https: can be matched by a content script declaration.
Invalid URL patterns at any of the matches and exclude_matches fields are rejected (generating an error when trying to load the extension).
Invalid patterns at the permissions option in the manifest file are ignored.
If you want to run a script on a tab from your extension, use chrome.extension.getViews in your background script.
Even better, design your extension's pages such that they effectively communicate with each other (example).
I'm having the exact same problem, look at the API http://code.google.com/chrome/extensions/match_patterns.html it says clearly that they accept chrome-extension://*/* yet they don't.
They need to update the API so as not to confuse people.
It seems that Chrome authors have silently removed the ability for content scripts to be injected into chrome-extension: pages. Documentation still says that it works and even contains examples with chrome-extension: scheme but actually it doesn't work. So now only http:, https: and ftp: work "from the box" and file: can work if user of your extension has enabled this on Extensions (chrome://extensions/) page.
Update: now documentation referred above is updated and says nothing about ability to inject content scripts to chrome-extension: pages.
You can inject js to your iframe html(chrome-extension: pages) without declaring it in manifast.json. The injected js can visit Chrome APIs directly.
iframe.html:
<!DOCTYPE html>
<html>
<head>
...
</head>
<body>
...
</body>
<script src="iframe.js"></script>
</html>
iframe.js:
console.log(chrome); // {loadTimes: ƒ, csi: ƒ, …}