Forums » Developers

Using Clicky from a Chrome Extension

When I try to use the Clicky embed code inside a Chrome extension, I get the following error:

Error: Code generation from strings disallowed for this context
at _ins.get_cookie (
at _ins.beacon (
at _ins.log (

This appears to be caused by the Clicky code using a Function constructor with String, as described here:

Is generating code like that really necessary and could this be fixed at your end?

Posted Sun Jan 6 2013 4:07pm by starthq

The code isn't going to work in an embedded environment like that. It's not designed to. Sorry.

Posted Tue Jan 8 2013 11:39am by Your Friendly Clicky Admin

I don't understand why your JS code needs to use eval(). It's a security risk.

This is the current code causing a problem with the eval line:

this.get_cookie = function (name) {
var ca = document.cookie.split(';');
for (var i = 0, l = ca.length; i < l; i++) {
if (eval("ca[i].match(/\b" + name + "=/)"))return decodeURIComponent(ca[i].split(name + '=')[1]);

Why not replace the eval line with:

if (ca[i].match(new RegExp("\b" + name + "="))return decodeURIComponent(ca[i].split(name + '=')[1]);

Posted Tue Jan 8 2013 11:55am by starthq

There are issues with escaping in this forum, there should be two characters before the b in the regex.

Posted Tue Jan 8 2013 11:57am by starthq

This change is live now.

Posted Thu Feb 7 2013 1:33pm by Your Friendly Clicky Admin

Works great, thanks!

Posted Thu Feb 7 2013 3:08pm by starthq

Reply to this discussion

You must be logged in to your account to post!