To get around XSS you can use GET requests to your logging script, 
sending the data as arguments by one of two methods (maybe there are 
others?):

    * one way is to just "get" an Image by setting an image's SRC to
      your logging script.
    * another is to have an inline IFRAME where you also change its SRC
      to your logging script's URL.

You might have to have some built-in delay to let the logging script 
have time to actually log the event before the form gets submitted... 
I'm thinking of using setTimeout() in JavaScript.

_alejandro

Yitzchak Schaffer said the following on 23/11/2009 06:01 p.m.:
> Alejandro Garza Gonzalez wrote:
>> 1) You *can* use GA and some Javascript embedded in your III pages to 
>> log "events" (as they're called in GA lingo). The javascript 
>> (depending on your coding wizardry level) could track anything from 
>> hovers over elements, form submission, "next page" events, etc.
>
> Hi Alejandro,
>
> Thanks for a great suggestion.  I tried poking around at it; it seems 
> to me like Events aren't built for what I'm really interested in 
> doing, namely systematic exploration and analysis of the search 
> sessions.  IOW, let's say a form looks like
>
> t=finn
> a=twain
> l=circ,reserve
>
> It looks like I could log this as three separate events, or one; but 
> either way, how would one analyze this?  I'm not interested (solely) 
> in how many times this particular query was entered.
>
> I started looking at ways to funnel the params into my own tracking 
> script, the prototype of which just writes a line to a text file with 
> a JSON serialization of the form data; but I'm not a JS ninja, so I'm 
> still trying to figure out how to get around the XSS problems.
>
> Ruddy III turnkey...
>

-- 
_________________ ___ _ _ _ _ _ _ _
*Ing. Alejandro Garza González*
Project Coordination and Systems Development
Centro Innov@TE, Centro para la Innovación en Tecnología y Educación
Tecnológico de Monterrey

Tel. +52 [81] 8358.2000, Ext. 6751
Intercampus link: 80.689.6751, 80.788.6106
http://www.itesm.mx/innovate/

The content of this data transmission must not be considered an offer, 
proposal, understanding or agreement unless it is confirmed in a 
document signed by a legal representative of ITESM. The content of this 
data transmission is confidential and is intended to be delivered only 
to the addressees. Therefore, it shall not be distributed and/or 
disclosed through any means without the authorization of the original 
sender. If you are not the addressee, you are forbidden from using it, 
either totally or partially, for any purpose.
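
The image-request approach with a bounded delay before submission, as discussed in this message, shown as an added example that is not part of the original e-mail. The endpoint URL, the `q` and `t` parameter names and all function names are assumptions.

```javascript
// Added example: LOG_URL and the "q"/"t" parameters are assumptions, not from the thread.
const LOG_URL = "https://logger.example.org/log"; // placeholder endpoint

// Collect successful form controls as [name, value] pairs, keeping repeats
// (e.g. several checked "l" boxes) instead of overwriting them.
function collectFields(controls) {
  const pairs = [];
  for (const c of Array.from(controls)) {
    if (!c.name || c.disabled) continue;
    if ((c.type === "checkbox" || c.type === "radio") && !c.checked) continue;
    if (c.type === "password" || c.type === "file") continue; // never log these
    pairs.push([c.name, String(c.value)]);
  }
  return pairs;
}

// One GET URL carrying the whole query as a single JSON value, so the
// logging script can write one line per search instead of one per field.
function beaconUrl(endpoint, pairs, now = Date.now()) {
  const q = encodeURIComponent(JSON.stringify(pairs));
  return `${endpoint}?q=${q}&t=${now}`; // t defeats caching of repeated queries
}

// Fire the image request, then submit once it finishes or after maxWaitMs,
// whichever comes first. The logger being down must never block a search.
function logThenSubmit(form, endpoint = LOG_URL, maxWaitMs = 500, ImageCtor = globalThis.Image) {
  let done = false;
  const finish = () => { if (!done) { done = true; form.submit(); } };
  const img = new ImageCtor();
  img.onload = img.onerror = finish;  // response (or failure) arrived
  setTimeout(finish, maxWaitMs);      // fallback delay via setTimeout()
  img.src = beaconUrl(endpoint, collectFields(form.elements));
  return img;
}

// Browser wiring (skipped outside a browser).
if (typeof document !== "undefined") {
  document.addEventListener("submit", (ev) => {
    ev.preventDefault();              // hold the form until the log is sent
    logThenSubmit(ev.target);         // form.submit() does not re-fire this event
  });
}
```

Because the data travels in a GET URL, the whole query also lands in the logging server's access log and is subject to URL length limits.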