Forums » Developers
Using Clicky from a Chrome Extension
When I try to use the Clicky embed code inside a Chrome extension, I get the following error:Error: Code generation from strings disallowed for this context
at _ins.get_cookie (https://static.getclicky.com/js:1:10390)
at _ins.beacon (https://static.getclicky.com/js:1:7621)
at _ins.log (https://static.getclicky.com/js:1:3065)
...
This appears to be caused by the Clicky code using a Function constructor with String, as described here: http://stackoverflow.com/a/11977347
Is generating code like that really necessary and could this be fixed at your end?
Posted Sun Jan 6 2013 4:07pm by starthq
The code isn't going to work in an embedded environment like that. It's not designed to. Sorry.
Posted Tue Jan 8 2013 11:39am by Your Friendly Clicky Admin
I don't understand why your JS code needs to use eval(). It's a security risk.
This is the current code causing a problem with the eval line:
this.get_cookie = function (name) {
var ca = document.cookie.split(';');
for (var i = 0, l = ca.length; i < l; i++) {
if (eval("ca[i].match(/\b" + name + "=/)"))return decodeURIComponent(ca[i].split(name + '=')[1]);
}
return'';
};
Why not replace the eval line with:
if (ca[i].match(new RegExp("\b" + name + "="))return decodeURIComponent(ca[i].split(name + '=')[1]);
Posted Tue Jan 8 2013 11:55am by starthq
There are issues with escaping in this forum, there should be two characters before the b in the regex.
Posted Tue Jan 8 2013 11:57am by starthq
This change is live now.
Posted Thu Feb 7 2013 1:33pm by Your Friendly Clicky Admin
Works great, thanks!
Posted Thu Feb 7 2013 3:08pm by starthq
