To get around XSS you can use GET requests to your logging script, 
sending the data as arguments by one of two methods (maybe there are 

    * one way is to just "get" an Image by setting an image's SRC to
      your logging script.
    * another is to have an inline IFRAME where you also change its SRC
      to your logging script's URL.

You might have to have some built-in delay to let the logging script 
have time to actually log the event before the form gets submitted... 
I'm thinking using setTimeout() in javascript.


Yitzchak Schaffer said the following on 23/11/2009 06:01 p.m.:
> Alejandro Garza Gonzalez wrote:
>> 1) You *can* use GA and some Javascript embedded in your III pages to 
>> log "events" (as they're called in GA lingo). The javascript 
>> (depending on your coding wizardry level) could track anything from 
>> hovers over elements, form submission, "next page" events, etc.
> Hi Alejandro,
> Thanks for a great suggestion.  I tried poking around at it; it seems 
> to me like Events aren't built for what I'm really interested in 
> doing, namely systematic exploration and analysis of the search 
> sessions.  IOW, let's say a form looks like
> t=finn
> a=twain
> l=circ,reserve
> It looks like I could log this as three separate events, or one; but 
> either way, how would one analyze this?  I'm not interested (solely) 
> in how many times this particular query was entered.
> I started looking at ways to funnel the params into my own tracking 
> script, the prototype of which just writes a line to a text file with 
> a JSON serialization of the form data; but I'm not a JS ninja, so I'm 
> still trying to figure out how to get around the XSS problems.
> Ruddy III turnkey...

_________________ ___ _ _ _ _ _ _ _
*Ing. Alejandro Garza González*
Project coordination and systems development
Centro Innov@TE, Centro para la Innovación en Tecnología y Educación
Tecnológico de Monterrey

Tel. +52 [81] 8358.2000, Ext. 6751
Intercampus link: 80.689.6751, 80.788.6106

The content of this data transmission must not be considered an offer, 
proposal, understanding or agreement unless it is confirmed in a 
document signed by a legal representative of ITESM. The content of this 
data transmission is confidential and is intended to be delivered only 
to the addressees. Therefore, it shall not be distributed and/or 
disclosed through any means without the authorization of the original 
sender. If you are not the addressee, you are forbidden from using it, 
either totally or partially, for any purpose.
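
The image-request approach with a bounded delay, described at the top of this message, as an added example that is not part of the original e-mail. The endpoint URL, the parameter names `d` and `t`, and all function names are assumptions.

```javascript
// Added example; LOG_ENDPOINT and parameter names "d"/"t" are assumptions.
const LOG_ENDPOINT = "https://logger.example.org/log"; // hypothetical script
const MAX_URL_LENGTH = 2000; // conservative; servers may reject longer URLs

// Group form entries by name so repeated fields (e.g. several "l" limits)
// are all kept. A null-prototype object avoids clashes with "__proto__".
function collectFields(entries) {
  const fields = Object.create(null);
  for (const [name, value] of entries) {
    if (typeof value !== "string") continue; // skip file inputs
    (fields[name] = fields[name] || []).push(value);
  }
  return fields;
}

// Serialize once as JSON and send it as one encoded parameter, so "&", "="
// or "#" typed by a user cannot add or change parameters the logger sees.
function buildBeaconUrl(endpoint, fields, now = Date.now()) {
  const url = endpoint + "?d=" + encodeURIComponent(JSON.stringify(fields)) +
    "&t=" + now; // timestamp doubles as a cache buster
  return url.length <= MAX_URL_LENGTH ? url : null;
}

// Browser only: request the beacon, then submit the form when the request
// finishes or after timeoutMs, whichever comes first.
function logThenSubmit(form, timeoutMs = 500) {
  let done = false;
  const submit = () => { if (!done) { done = true; form.submit(); } };
  const url = buildBeaconUrl(LOG_ENDPOINT, collectFields(new FormData(form)));
  if (url === null) return submit(); // too long to log; never block the search
  const img = new Image();
  img.onload = img.onerror = submit; // the response need not be a real image
  img.src = url;
  setTimeout(submit, timeoutMs);
}

// Wiring (browser):
// form.addEventListener("submit", (e) => { e.preventDefault(); logThenSubmit(form); });
```

The logging script should treat the decoded `d` value as untrusted input: parse it as JSON, and escape it whenever it is later displayed in a report page.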