1. Modified code so that external script includes from a secure (https) source in a template are also accepted.

2. Removed include of google vis  api form individual template & moved it to sparkline template.

webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/files/Files.java

@@ -2,7 +2,9 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels.files;
 
+import java.util.HashSet;
 import java.util.LinkedHashSet;
+import java.util.Set;
 
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel;
 
@@ -11,6 +13,12 @@ public abstract class Files extends BaseTemplateModel {
     protected LinkedHashSet<String> list = null;
     private String themeDir = null;
     
+    @SuppressWarnings("serial")
+	private static final Set<String> allowedExternalUrlPatterns = new HashSet<String>() {{
+    	add("http://");
+    	add("https://");
+    }};  
+    
     public Files() {
         this.list = new LinkedHashSet<String>();
     }
@@ -25,9 +33,17 @@ public abstract class Files extends BaseTemplateModel {
     }
     
     public void add(String path) {
+
     	// Allow for an external url
-    	String url = path.startsWith("http://") ? path : getUrl(path);
-        list.add(url);
+    	for (String currentPattern : allowedExternalUrlPatterns) {
+    		if (path.startsWith(currentPattern)) {
+    			list.add(path);
+    			return;
+    		}
+    	}
+
+    	// If an external url pattern was not found. 
+        list.add(getUrl(path));
     }
     
     public void add(String... paths) {