Forums » Developers



Using Clicky from a Chrome Extension

When I try to use the Clicky embed code inside a Chrome extension, I get the following error:

Error: Code generation from strings disallowed for this context
at _ins.get_cookie (https://static.getclicky.com/js:1:10390)
at _ins.beacon (https://static.getclicky.com/js:1:7621)
at _ins.log (https://static.getclicky.com/js:1:3065)
...

This appears to be caused by the Clicky code using a Function constructor with String, as described here: http://stackoverflow.com/a/11977347

Is generating code like that really necessary and could this be fixed at your end?

Posted Sun Jan 6 2013 4:07pm by starthq


The code isn't going to work in an embedded environment like that. It's not designed to. Sorry.

Posted Tue Jan 8 2013 11:39am by Your Friendly Clicky Admin


I don't understand why your JS code needs to use eval(). It's a security risk.

This is the current code causing a problem with the eval line:

this.get_cookie = function (name) {
var ca = document.cookie.split(';');
for (var i = 0, l = ca.length; i < l; i++) {
if (eval("ca[i].match(/\b" + name + "=/)"))return decodeURIComponent(ca[i].split(name + '=')[1]);
}
return'';
};

Why not replace the eval line with:

if (ca[i].match(new RegExp("\b" + name + "="))return decodeURIComponent(ca[i].split(name + '=')[1]);

Posted Tue Jan 8 2013 11:55am by starthq


There are issues with escaping in this forum, there should be two characters before the b in the regex.

Posted Tue Jan 8 2013 11:57am by starthq


This change is live now.

Posted Thu Feb 7 2013 1:33pm by Your Friendly Clicky Admin


Works great, thanks!

Posted Thu Feb 7 2013 3:08pm by starthq



Reply to this discussion

You must be logged in to your account to post!