script-src 'unsafe-eval'


Anthony D'Andrea

Jun 9, 2015, 7:29:04 PM
to google-visua...@googlegroups.com
I'm using Google Charts on my site and I removed script-src 'unsafe-eval' from my CSP headers. Now the chart fails to render; it displays an invalid JSON error. It would be nice if Google Charts didn't require unsafe-eval so I can be more secure.

Daniel LaLiberte

Jun 10, 2015, 9:05:01 AM
to google-visua...@googlegroups.com
Hi Anthony,

As noted in David Konrad's answer to this StackOverflow question, the remaining use of eval() in Google Charts code involves browser compatibility. We are now using JSON.parse() in most situations, if it is available. We also have to resolve at least one more use of eval, when processing the response to an XHR request for data from a spreadsheet. The issue here involves calling the JavaScript Date() constructor to create date values, but this use can be entirely replaced by our Date string notation.

But there is one other use of eval that will be more difficult to resolve. When more than one google.load() call is made to load additional code, this must be done in the context of the originally loaded code, and currently, this must be done with an eval(). A simple alternative is to just not support additional calls to google.load().

--
You received this message because you are subscribed to the Google Groups "Google Visualization API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-visualizati...@googlegroups.com.
To post to this group, send email to google-visua...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-visualization-api.
For more options, visit https://groups.google.com/d/optout.



--
dlaliberte@Google.com   5CC, Cambridge MA
daniel.laliberte@GMail.com 9 Juniper Ridge Road, Acton MA

Sacha

Sep 11, 2017, 9:37:24 PM
to Google Visualization API
Hi Daniel,

Has this been resolved now? If not, is there a workaround for this eval() function?

For security purposes, we have to remove `unsafe-eval` from the CSP and this now breaks our charts...

Thank you.

Daniel LaLiberte

Sep 11, 2017, 11:04:14 PM
to Google Visualization API
I have changed the loader to no longer require eval for dynamic loading. This is available for the 'current' version (v45.2) as well as v45 and v45.1. That was the most complex and real requirement for eval, so I am glad we are done with that.

But I just did a search through the code for other uses of eval, and apparently there are still a few, though mostly incidental. However, it appears we do use eval now even when we could (and should) be using JSON.parse. Now that I see that, I'll make amends. I don't anticipate there should be any serious obstacles, but I've been surprised before.

Sacha

Sep 11, 2017, 11:51:16 PM
to Google Visualization API
Great to know that you are working on it, thanks for that. Could you please update this thread when you release a new version without eval?

Many thanks!

Daniel LaLiberte

Sep 12, 2017, 12:37:07 AM
to Google Visualization API
I will try to remember to post a followup here. But I usually forget such things.


Kirschner

Feb 28, 2018, 12:16:11 PM
to Google Visualization API
I stepped on this problem too. Is the upcoming(?) v46 free of evals?

Edward Hartwell Goose

Mar 2, 2018, 3:50:12 PM
to Google Visualization API
We're just evaluating using a CSP and can confirm we see `unsafe-eval`. It looks like the code is nearly there in the upcoming version - we just trip up in one place, in gvjs_Jh within the compiled_format module.

Daniel - is there anything we can do to help provide you with test cases or similar to help you nail this? I'd be glad to help.

Daniel LaLiberte

Mar 2, 2018, 4:55:17 PM
to Google Visualization API
The source for this code is:
gviz.json.unsafeDeserialize = function(jsonString) {
  if (gviz.UNSAFE_EVAL && !gviz.json.cspCompliantMode_) {
    // Add parentheses to disambiguate object literal from control structure
    jsonString = '(' + jsonString + ')';
    // Not using JSON.parse since it does not support the "new" operator.
    var jsonObject = eval(jsonString);
    return /** @type {!Object} */ (gviz.json.fixDateStrings_(jsonObject));
  } else {
    return /** @type {?Object} */ (JSON.parse(jsonString));
  }
};

Note the check for !gviz.json.cspCompliantMode_. We have no code that sets it to true now, so I expect I can just force JSON.parse to be used always. I'll do that now, and it will be part of the v46 release.


Daniel LaLiberte

Mar 2, 2018, 6:31:34 PM
to Google Visualization API
Embarrassingly, I must admit I got the logic backwards since gviz.json.cspCompliantMode_ is false by default, and so we are still using the eval call. But I am nevertheless confident we can avoid this since we have alternatives in place.


Edward Hartwell Goose

Mar 2, 2018, 6:34:27 PM
to Google Visualization API
Awesome - thank you Daniel.

Does usage of this require one of the particular date formats to be used (as per https://developers.google.com/chart/interactive/docs/datesandtimes) or am I reading too much into the fixDateStrings_ function?


Edward Hartwell Goose

Mar 2, 2018, 6:40:36 PM
to Google Visualization API
Ah. Our messages crossed - not a problem, thank you for looking into this.

Daniel LaLiberte

Mar 2, 2018, 6:45:18 PM
to Google Visualization API
This change won't require any changes of current usage, with the possible exception of using a JSON string that is not a proper JSON string because it contains a new Date(...) rather than the equivalent string date notation ("Date(...)"). I don't think we ever supported that, however, so there should be no current (working) cases. We'll see how much trouble this causes.
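The JSON.parse path described in this thread can be completed with a reviver that converts the "Date(...)" string notation into Date objects, so no 'unsafe-eval' is needed and a payload carrying a bare new Date(...) expression is rejected instead of executed. The following is an added example, not Google Charts' own code; the function names, the regular expression and the sample payloads are assumptions constructed for it.

```javascript
// Added example (not Google Charts' code): a CSP-compliant deserializer that
// replaces eval() with JSON.parse plus a reviver for the
// "Date(year, month, day[, hours, minutes, seconds, ms])" string notation.
// DATE_RE, reviveDate and cspSafeDeserialize are names assumed for this example.
const DATE_RE =
  /^Date\((\d+),\s*(\d+),\s*(\d+)(?:,\s*(\d+))?(?:,\s*(\d+))?(?:,\s*(\d+))?(?:,\s*(\d+))?\)$/;

// Turn a matching "Date(...)" string into a Date; return anything else unchanged.
function reviveDate(value) {
  if (typeof value !== 'string') return value;
  const m = DATE_RE.exec(value);            // anchored: "Date(...)" must be the whole string
  if (!m) return value;
  const p = m.slice(1).map(x => (x === undefined ? 0 : Number(x)));
  // Same argument order as the Date constructor; month is zero-based.
  return new Date(p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
}

// JSON.parse never evaluates code, so this works under a CSP without 'unsafe-eval'.
function cspSafeDeserialize(jsonString) {
  return JSON.parse(jsonString, (_key, value) => reviveDate(value));
}

// Constructed sample: a DataTable-style response using the string date notation.
const SAMPLE = JSON.stringify({
  cols: [{id: 'd', type: 'date'}, {id: 'v', type: 'number'}],
  rows: [{c: [{v: 'Date(2018, 9, 1)'}, {v: 42}]}]
});

// Constructed legacy payload with a bare "new Date(...)": not valid JSON, so it is
// rejected by JSON.parse rather than executed as it would be under eval().
const LEGACY = '{"cols":[],"rows":[{"c":[{"v":new Date(2018, 9, 1)}]}]}';

function demo() {
  const table = cspSafeDeserialize(SAMPLE);
  let legacyRejected = false;
  try {
    cspSafeDeserialize(LEGACY);
  } catch (e) {
    legacyRejected = e instanceof SyntaxError;
  }
  return {table, legacyRejected};
}
```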


David Jacobowitz

Mar 15, 2018, 6:04:40 PM
to Google Visualization API
Hi there. New to the group.

Just want to +1 on looking forward to all evals being gone. I'm trying to run charts in a Chrome extension, and cannot do so without 'unsafe-eval'.

It looks like the current version of 46 in upcoming does not have this fix yet, right?


Daniel LaLiberte

Mar 15, 2018, 9:49:27 PM
to Google Visualization API
I haven't updated v46 yet to include the changes that remove this particular call of eval. I'm working on finishing off some changes to the Histogram chart which ended up being fairly substantial, but I'm hoping I'll be done this weekend.


Philip Norton

Jul 20, 2018, 4:36:27 AM
to Google Visualization API
I notice that using the "upcoming" version of 46 still uses evals and requires CSP to include "unsafe-eval". Any ETA on when this will be live?

Daniel LaLiberte

Jul 20, 2018, 9:29:01 AM
to Google Visualization API
The internal development version can't be rolled out to update the 'upcoming' version until I resolve these other issues. I'll set aside some time this weekend to try to finish it up.


Harrison Burton

Aug 21, 2018, 4:32:30 PM
to Google Visualization API
As another Dev looking to remove 'unsafe-eval', I'm bumping this issue. A month later, do we have an ETA?


Sora2455

Aug 28, 2018, 5:29:04 PM
to Google Visualization API
I guess that's a no?

Edward Hartwell Goose

Dec 3, 2018, 9:31:17 AM
to Google Visualization API
Just in case anyone else subscribed to this missed the release - I can confirm this is now fixed. See https://developers.google.com/chart/interactive/docs/release_notes#current-october-1-2018, last bullet point.

Thank you Daniel et al for resolving.

Ed

Daniel LaLiberte

Dec 3, 2018, 9:53:31 AM
to google-visua...@googlegroups.com
Yes, at long last, I am glad to finally get v46 rolled out with the fixes for CSP compliance.
