Readium can't find CSS or JS files of Epub3 books

[kircof]

This issue is a Bug

Related issue(s) and/or pull request(s) Example: See also #466

Expected Behaviour Display Epub3 books as it did before.

Observed behaviour It doesn't show any html objects, js files or css files.

Steps to reproduce

1. Open readium chrome app
2. Load book.
3. Open book.

Test file(s) https://drive.google.com/file/d/15MXPINrQ7FR-O7LVUaG0shkdwMylBq7C/view?usp=sharing

Product

Choose one of the following (and delete the others)

• Readium Chrome extension *Version 2.28.0
  • Version 61.0.3163.100 (Official Build) (64-bit)
  • Windows 10 Pro Version 1703 OS Build 15063.674

Additional information

We make epub's 3 with Indesign and we use html objects and use JavaScript and CSS files. We had no problems before but recently we our html object's don't show and Chrome's debugger shows the next erros:

The first error always is: "" Uncaught TypeError: Cannot read property 'ownerDocument' of null ""

and then in certain pages:

"" algorithm incorrect: downshiftedEntry.orderingByLastUseTimestampIdx: 36, i: 36 -- /OEBPS/script/NAMEOFSCRIPT.js ""

OR

""algorithm incorrect: downshiftedEntry.orderingByLastUseTimestampIdx: 36, i: 36 -- /OEBPS/css/NAMEOFCSS.css ""

Any idea of why this happens? Or how to fix it? or what info I need to provide to help my case?

[danielweck]

I suspect this issue might be related to this one: https://github.com/readium/readium-js-viewer/issues/615#issuecomment-291188252 ...but I need to investigate.

[danielweck]

Could you please drag-and-drop your Car.epub file onto the "cloud reader" browser window ( https://readium.firebaseapp.com ), if possible in Chrome and other web browsers, and report back to us? Do you notice any missing features in your content? Thanks! PS: the "cloud reader" is based on exactly the same code as the Chrome app, so this will allow us to narrow down the issue to Chrome's Content Security Policy (if this is indeed the culprit).

[danielweck]

I tested your EPUB myself in the Chrome app. Problem confirmed (error message snippet from the Chrome web console):

Refused to execute inline event handler because
it violates the following Content Security Policy directive:
"default-src 'self' blob: filesystem: chrome-extension-resource:".
Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...')
is required to enable inline execution. Note also that 'script-src' was not explicitly set,
so 'default-src' is used as a fallback.

In other words, there is nothing Readium can do about this. Google Chrome security has been tightened at some point in the past, and this has broken a number of features in HTML files that rely on inline scripting (or other mechanism that are not allowed by the browser's Content Security Policy)

[danielweck]

Note that there are other issues in your InDesign exported EPUB, such as: <script src="script/" type="text/javascript"></script> (note the bogus src attribute value)

[danielweck]

...I also see Javascript errors in the console Uncaught ReferenceError: part1 is not defined in main.js.

[rkwright]

Are you using the InDesign output as-is or do post-process the output from ID (e.g. adding additional JavaScript, etc.)?

[danielweck]

PS: the inline event that causes problems is: body@onload="RegisterInteractiveHandlers();"

[kircof]

Thank you very much. I'll look into it