Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why am I getting a blocked script execution error?

Tags:

javascript

csscritic

I am using http://cburgmer.github.io/rasterizeHTML.js/ to turn html into a canvas. When I change the code to:

var canvas = document.getElementById("save_image_canvas");
// rasterizeHTML.drawHTML('<div style="font-size: 20px;">Some <span style="color: green">HTML</span> with an image</div>', canvas);
rasterizeHTML.drawHTML(document.getElementById("mattes").innerHTML, canvas);

I get the following error in the console:

Blocked script execution in 'Mysite/Custom_App/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

All the scripts and content are located on the same server.

Here is the full function:

function common_screenshot()
{
  var canvas = document.getElementById("save_image_canvas");
  if (typeof(moulding_canvas) === "undefined")
  {
    canvas.height = parseInt($("#matte_canvas").height());
    canvas.width = parseInt($("#matte_canvas").width());
  }
  else
  {
    canvas.height = parseInt($("#moulding_canvas").height());
    canvas.width = parseInt($("#moulding_canvas").width());
  }
  canvas.style.backgroundColor = "#FFFFFF";

  var moulding_top = -1 * parseInt(document.getElementById("moulding_canvas").style.top);
  var moulding_left = -1 * parseInt(document.getElementById("moulding_canvas").style.left);

  console.log("top: " + moulding_top);
  rasterizeHTML.drawHTML(document.getElementById("mattes").innerHTML).then(function (renderResult) 
  {
    context.drawImage(renderResult.image, moulding_left, moulding_top);
  });
  var ctx = canvas.getContext('2d');
  ctx.drawImage(matte_canvas, moulding_left, moulding_top);
  if (typeof(moulding_canvas) !== "undefined")
  {
    ctx.drawImage(moulding_canvas, 0, 0);
  }
  var image = new Image();
    image.src = canvas.toDataURL("image/jpeg");
  return image;
}

The image that results from the rasterizeHTML is fine when it is on the screen, but when I call canvas.toDataURL, the image that results is all black.

like image 216
AllisonC Avatar asked Jun 27 '14 14:06

AllisonC

2 Answers

Judging by the error message, you are using a Webkit-based browser, most likely Chrome. This error message (introduced here) is displayed when an <iframe> element with sandbox attribute is attempting to run JavaScript (only allowed when allow-scripts is specified in that attribute). A look at the rasterizeHTML source code shows that the function createHiddenSandboxedIFrame() creates such a frame. It is used for calculateDocumentContentSize(), the contents of the document are being copied into the temporary sandboxed frame in order to measure their size. Apparently, that document also contains some <script> tags and these cause the error (not because of the script origin but because scripts are generally disallowed).

Now your code doesn't call calculateDocumentContentSize() of course. It is being called by function drawDocumentImage() called by function doDraw() called by function rasterizeHTML.drawDocument() called by function rasterizeHTML.drawHTML(). In the end, the issue is really: the HTML code you are passing in contains <script> tags.

Given that executing scripts on the HTML code you are drawing doesn't seem to be the intention (no executeJS option), you should be able to simply move the <script> tags somewhere else, so that they aren't inside the mattes element. If that's impossible, you can still run some a regular expression on the source code to remove all script tags, something like:

var code = document.getElementById("mattes").innerHTML;
code = code.replace(/<\/?script\b.*?>/g, "");
rasterizeHTML.drawHTML(code, canvas);

Edit: Inline event handlers like ondrop attribute will also trigger that warning of course. You can remove these as well:

code = code.replace(/ on\w+=".*?"/g, "");

Note that this will only help you get rid of the warning. I doubt that this warning is what is causing the image to be blank - so you probably need to ask one more question on that.

like image 161
Wladimir Palant Avatar answered Nov 03 '22 07:11

Wladimir Palant

@WladimirPalant has a good description. If you experience this on a site that you do not control you can start Chrome with the command below and Chrome will accept the scripts.

Windows:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --allow-scripts

Linux:

google-chrome --args --allow-scripts
like image 27
Ogglas Avatar answered Nov 03 '22 07:11

Ogglas
Sign in to Comment

Related questions

Calculate an expected delivery date (accounting for holidays) in business days using JavaScript?
Node/Express Generate a one time route / link / download?
Post Kendo Grid data to Controller in MVC
Completely disable a handsontable
How to get the parent window URL from Iframe?
Count the number of items in json with conditions
getElementByTagName() not working? [closed]
Display the first item in hasMany ember relationship in handlebars template
disable dragging in specific element (Item) in “Owl carousel” - jquery
DOMParser appending <script> tags to <head>/<body> but not executing
localstorage - save array [duplicate]
How to run single e2e test with grunt and protractor
Short way to replace content of an array
concatenate date and time in google spreadsheet
How to convert columns to rows using CSS
How do I print different page using javascript/jQuery/ajax?
How do I make text inside the title tag animate using JavaScript?
Socket.io 1.0 + express 4.2 = no socket connection
`Background size: cover` fill up border
How can I get the value of an input in a specific table cell using javascript?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!