Google Visualization API Sample

[Culley Harrelson]

I am working with the sample code seen here:

https://developers.google.com/chart/interactive/docs/reference#chartwrapperobject

I have copied the content of the "using setter methods" example and published it here:

http://www.k2tog.com/test.html

As you can see, the example does not work because of the XSS settings.  Is this something I can fix with the server headers?  I have also tried it locally and got the same error.

culley

[Ray Thomas]

Hi Culley,

I think it's the authorization key causing this. You'll need to read https://developers.google.com/chart/interactive/docs/spreadsheets#authorization which explains how to obtain your own OAuth credentials.

My own preference is to simply make the spreadsheet readable to anyone with the link. The same page explains how to do that and use either the GID or the name of the sheet to read the data from it.

I don't use OAuth often. My own feeling is that I'm drawing a public chart from a Google sheet and anything I'd prefer to be kept private shouldn't be in the same sheet anyway.

Ray

[Culley Harrelson]

Hi Ray,

I will read up on oauth! But this is the example from the developer documentation.  The spreadsheet they are working with produces JSON output:

http://spreadsheets.google.com/tq?key=pCQbetd-CptGXxxQIG7VFIQ&pub=1

and is unrestricted.

culley

[Daniel LaLiberte]

Hi Culley,

The problem you are having *might* be related to the change of how queries are made in the last release, such that they are now more secure.  Older versions of spreadsheets can't process the queries in the new way, hence the failure, so one solution might be to convert your spreadsheet to a new version (by creating a new spreadsheet, and copying in the contents from the old one).  Another solution might be to use an older version of Google Charts.

Hope that helps.

--
You received this message because you are subscribed to the Google Groups "Google Visualization API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-visualizati...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-visualization-api/7d4d0b78-39cd-4d95-a9b6-ab513386ecdan%40googlegroups.com.

--

• Daniel LaLiberte  • SWE  • Cambridge MA  • dlaliberte@Google.com

[Ray Thomas]

I think it is a security issue and the solutions offered by Daniel should work.

I copied the code into Adobe DreamWeaver. That's got a lightweight browser that doesn't care about XSS or practically any other security issues. The code as written works! 

I then uploaded the HTML file onto a server and got the same errors as Culley did - http://brisray.com/test/culley1.htm

I then created a Google Sheet of my own with data copied from Wikipedia - https://docs.google.com/spreadsheets/d/1tswaWUAbeBijHq4o505w0h7TmbD-qGhR3jBactcbGq0/edit#gid=1641796119 - and used that as a source in http://brisray.com/test/culley2.htm and that works as well.

I changed the code slightly from:

 wrap.setDataSourceUrl('http://spreadsheets.google.com/tq?key=pCQbetd-CptGXxxQIG7VFIQ&pub=1');

    wrap.setContainerId('visualization');

    wrap.setQuery('SELECT A,D WHERE D > 100 ORDER BY D');

to my own spreadsheet:

wrap.setDataSourceUrl('https://docs.google.com/spreadsheets/d/1tswaWUAbeBijHq4o505w0h7TmbD-qGhR3jBactcbGq0/gviz/tq?gid=1641796119&headers=1');

    wrap.setContainerId('visualization');

    wrap.setQuery('SELECT A,F WHERE F > 100 ORDER BY A');

Code as written in Dreamweaver: