To get around XSS you can use GET requests to your logging script,
sending the data as arguments by one of two methods (maybe there are
* one way is to just "get" an Image by setting an image's SRC to
your logging script.
* another is to have an inline IFRAME where you also change its SRC
to your logging script's URL.
You might have to have some built-in delay to let the logging script
have time to actually log the event before the form gets submitted...
Yitzchak Schaffer said the following on 23/11/2009 06:01 p.m.:
> Alejandro Garza Gonzalez wrote:
>> (depending on your coding wizardry level) could track anything from
>> hovers over elements, form submission, "next page" events, etc.
> Hi Alejandro,
> Thanks for a great suggestion. I tried poking around at it; it seems
> to me like Events aren't built for what I'm really interested in
> doing, namely systematic exploration and analysis of the search
> sessions. IOW, let's say a form looks like
> It looks like I could log this as three separate events, or one; but
> either way, how would one analyze this? I'm not interested (solely)
> in how many times this particular query was entered.
> I started looking at ways to funnel the params into my own tracking
> script, the prototype of which just writes a line to a text file with
> a JSON serialization of the form data; but I'm not a JS ninja, so I'm
> still trying to figure out how to get around the XSS problems.
> Ruddy III turnkey...
_________________ ___ _ _ _ _ _ _ _
*Ing. Alejandro Garza González*
Project coordination and systems development
Centro Innov@TE, Centro para la Innovación en Tecnología y Educación
Tecnológico de Monterrey
Tel. +52  8358.2000, Ext. 6751
Intercampus line: 80.689.6751, 80.788.6106
The content of this data transmission must not be considered an offer,
proposal, understanding or agreement unless it is confirmed in a
document signed by a legal representative of ITESM. The content of this
data transmission is confidential and is intended to be delivered only
to the addressees. Therefore, it shall not be distributed and/or
disclosed through any means without the authorization of the original
sender. If you are not the addressee, you are forbidden from using it,
either totally or partially, for any purpose.
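
Added example (not part of the original message): a sketch of the image-SRC approach described at the top of this message, sending the form data as one JSON-serialized GET argument and holding the submit until the logging request has finished or a short timeout passes. LOG_URL, the "search" form id and all function names are assumptions made for illustration.

```javascript
// Added example: LOG_URL, the "search" form id and all function names are assumptions.
const LOG_URL = "https://logger.example.org/log"; // placeholder logging script
const MAX_URL_LENGTH = 2000; // conservative cap for a GET URL

// Gather name/value pairs, skipping unnamed, password and hidden fields so
// secrets and tokens never land in URLs or the logger's access log.
function collectFields(elements) {
  const data = {};
  for (const el of elements) {
    if (!el.name || el.type === "password" || el.type === "hidden") continue;
    data[el.name] = el.value;
  }
  return data;
}

// One JSON-serialized argument plus a cache-busting stamp; null if too long.
function buildBeaconUrl(endpoint, data, stamp) {
  const url = endpoint + "?d=" + encodeURIComponent(JSON.stringify(data)) +
    "&t=" + encodeURIComponent(stamp);
  return url.length <= MAX_URL_LENGTH ? url : null;
}

// Request the URL as an image, then submit once: on load, on error
// (the logger need not return a real image) or after timeoutMs.
function logThenSubmit(form, endpoint, timeoutMs) {
  let done = false;
  const submit = () => { if (!done) { done = true; form.submit(); } };
  const url = buildBeaconUrl(endpoint, collectFields(form.elements), Date.now());
  if (url === null) return submit(); // too long to log; do not block the user
  const img = new Image();
  img.onload = img.onerror = submit;
  img.src = url;
  setTimeout(submit, timeoutMs);
}

// Browser-only wiring: intercept the submit, log, then submit for real.
if (typeof document !== "undefined") {
  const form = document.getElementById("search");
  if (form) form.addEventListener("submit", (e) => {
    e.preventDefault();
    logThenSubmit(form, LOG_URL, 500);
  });
}
```

Anything placed in the query string is recorded in the logging server's access log, so the field filter in collectFields is the place to decide what is allowed to leave the page.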