Why a bad idea not to run it from Google and violating terms and conditions!

Viruses and worms
1

Dear website coders using googlejsApi,

Found this jsapi code for running on local machine at StackOverflow’s:

 /* global angular */ (function(){angular.module('googlechart').provider('googleJsapiUrl', googleJsapiUrlProvider);function googleJsapiUrlProvider() {var protocol = 'http:';var url = '//localhost/yourApplicationName/Scripts/chart/jsapi.js';this.setProtocol = function (newProtocol) {protocol = newProtocol;};this.setUrl = function (newUrl) {url = newUrl;};this.$get = function () {return (protocol ? protocol : '') + url;};} })();

added the file locally in anguarjs application code by SantoshK (on Stackoverflow’s)…

When validated this is kicking up the following errors
(and why it wasn’t checked for this before running it?)

found JavaScript
     error: undefined variable angular
     error: undefined function angular.module

Move the inline script right after the account.js.
Also the variable should be account instead of accountModule

  • info credit Pankaj Parkar.

On many websites where I check retirable code for same origin, we have seen this issue repeatedly pop-up: https://groups.google.com/forum/#!topic/google-visualization-api/R03-Mv1zanI
Even with no other issues the website immediately gets a SRI Hashes B-Status that way.

Also check not to use un-whitelisted and un-sanithised data from urls, url fragments, query strings and cookies, inclusing un-trusted and un-reviewed 3rd party JS libraries, [i]well we had a glorious example of that here.[/i] Using outdated/unpatched 3rd party JS-libraries, see with retireJS.
Quote taken from the Retire.js page.

What one requires one should also retire!

polonus (volunteer website security analyst and website error-hunter)