Needs work
Project:
JavaScript Libraries Manager
Version:
7.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
18 May 2012 at 11:00 UTC
Updated:
26 Aug 2014 at 01:00 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
pwolanin commentedIt's a query-string issue or an issue of the extension?
Comment #2
ardas commentedI think the problem is in this function where you validate external path:
Looks like you don't permit to use external JS files without either JS or TXT expression. Sometimes, 3d party services provides their JS libraries by different URLs, there may be no extension at all or several GET parameters. In these cases we can't use this module because of this limitation.
Since this limitation will not help with security I propose to remove this preg_match() and make the validation not that strict.
Your thoughts?
Comment #3
rkallensee commentedI have the same issue. To provide an example: I tried to include the Google Maps API with the following URL:
https://maps.googleapis.com/maps/api/js?key=API_KEY&sensor=falseThis is not possible with the current check for an extension
(js|txt). I would second the proposal to remove the check for the extension in the external URL, since it doesn't help much and prevents embedding JS sources like the Google Maps API completely.Comment #4
ryandekker commentedHere's a patch that uses Drupal's valid_url() function instead. This will still help the admin catch a URL that isn't a valid external URL, without being overly strict so as to prevent URLs which are valid. Query and fragments are pretty common pieces of URLs, as highlighted above.