I figured it out. I just changed the Content Security Policy parameters to
"script-src 'self' https://www.google.com/*
so that all sources from www.google.com and sub-sites are allowed.
Also, instead of having an inline event handler, I changed my button as follows:
<button type="button" class="button">CREATE NEW EVENT</button><br><br>
Then in my JavaScript file I added:
$('.button').bind('click', createNewEvent); // pass the function itself; createNewEvent() would run it once at bind time
All this, instead of:
<button type="button" class="button" onclick="createNewEvent()">CREATE NEW EVENT</button><br><br>
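
How host sources in a script-src value like the one above are matched under the CSP Level 3 rules, as an added example that is not part of the original answer: a path in a source is compared literally (there is no "*" path wildcard), a trailing "/" makes it a prefix match, and subdomains need a "*." host. The matcher is simplified, and the page origin https://app.example and the script URLs are constructed for illustration.

```javascript
// Added example: simplified CSP Level 3 host-source matching (scheme, host, path).
// Not modelled: ports, redirects, percent-decoding, nonces/hashes, a bare "*" source.
function parseSource(expr) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(?:\d+|\*))?(\/.*)?$/i.exec(expr);
  return m && { scheme: m[1] ? m[1].toLowerCase() : null, host: m[2].toLowerCase(), path: m[3] || '' };
}

function hostMatches(pattern, host) {
  // "*.google.com" matches "apis.google.com" but not "google.com" itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function pathMatches(pattern, path) {
  if (pattern === '' || pattern === '/') return true;          // no path restriction
  if (pattern.endsWith('/')) return path.startsWith(pattern);  // trailing slash: prefix match
  return path === pattern;                                     // otherwise exact match; "*" is a literal character
}

// directive: e.g. "script-src 'self' https://host/"; selfOrigin: origin of the protected page.
function allowsScript(directive, url, selfOrigin) {
  const target = new URL(url);
  return directive.trim().split(/\s+/).slice(1).some((expr) => {
    if (expr === "'self'") return target.origin === selfOrigin;
    if (expr.startsWith("'")) return false;                    // other keywords are not modelled here
    const src = parseSource(expr);
    if (!src) return false;
    // Simplification: a source without a scheme is accepted for any scheme.
    if (src.scheme && src.scheme + ':' !== target.protocol) return false;
    return hostMatches(src.host, target.hostname.toLowerCase()) && pathMatches(src.path, target.pathname);
  });
}

// Constructed inputs (assumptions, not taken from the original post).
const SELF = 'https://app.example';
const SCRIPT = 'https://www.google.com/jsapi';
const results = {
  starPath: allowsScript("script-src 'self' https://www.google.com/*", SCRIPT, SELF),
  slashPath: allowsScript("script-src 'self' https://www.google.com/", SCRIPT, SELF),
  noPath: allowsScript("script-src 'self' https://www.google.com", SCRIPT, SELF),
  subdomain: allowsScript("script-src 'self' https://*.google.com", 'https://apis.google.com/js/api.js', SELF),
};
console.log(results);
```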