Feature - Google Analytics - Simplified Module & Escaped the Script to prevent XXS.

c 2023-01-12 13:17:26 +00:00
parent fb2999706c
commit 3ff0cbe311
2 changed files with 29 additions and 29 deletions


@ -56,7 +56,10 @@ class StatusPage extends BeanModel {
await StatusPage.getStatusPageData(statusPage).then( (page) => { await StatusPage.getStatusPageData(statusPage).then( (page) => {
if (page.config?.googleAnalyticsId) { if (page.config?.googleAnalyticsId) {
head.append($(googleAnalytics.getGoogleAnalyticsScript(page.config.googleAnalyticsId))); let escapedGoogleAnalyticsScript = jsesc(googleAnalytics.getGoogleAnalyticsScript(page.config.googleAnalyticsId), {
"isScriptContext": true
});
head.append($(escapedGoogleAnalyticsScript));
} }
}); });
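Review bot: The escaping on the `jsesc(...)` line is applied to the complete `<script>` markup returned by `getGoogleAnalyticsScript`, not to the one untrusted value, `page.config.googleAnalyticsId`. jsesc produces text meant to sit inside a JavaScript string literal; as far as its documented behaviour goes, `isScriptContext` rewrites `</script` to `<\/script` and the default quoting backslash-escapes the single quotes in `gtag('js', ...)`, so the snippet handed to `$()` is probably no longer valid HTML or JavaScript, while the ID is still not encoded for the `src` attribute context it lands in. Checking the ID before any markup is built is more reliable, e.g. `if (page.config?.googleAnalyticsId && googleAnalytics.isValidTag(page.config.googleAnalyticsId)) {`, assuming `googleAnalytics` is the module that exports `isValidTag`. The enclosing method starts and ends outside this hunk, so validation may already happen somewhere that is not visible here.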


@ -1,30 +1,27 @@
let GoogleAnalytics = (() => { /**
/** * Returns true if the tag conforms to the format of 1-2 Letters followed by a dash and 8 numbers.
* Returns a string that represents the javascript that is required to insert the Google Analytics scripts * This should take care of the following property tag formats:
* into a webpage. * UA-########, G-########, AW-########, DC-########
* @param tagId Google UA/G/AW/DC Property ID to use with the Google Analytics script. * @param {String} tagInput Google UA/G/AW/DC Property ID
* @returns {string} * @returns {boolean}
*/ */
function getGoogleAnalyticsScript(tagId) { function isValidTag(tagInput) {
return "<script async src=\"https://www.googletagmanager.com/gtag/js?id=" + tagId + "\"></script>" + const re = /^\w{1,2}-\d{8}$/g;
"<script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '" + tagId + "'); </script>"; return tagInput.match(re) != null;
} }
/** /**
* Returns true if the tag conforms to the format of 1-2 Letters followed by a dash and 8 numbers. * Returns a string that represents the javascript that is required to insert the Google Analytics scripts
* This should take care of the following property tag formats: * into a webpage.
* UA-########, G-########, AW-########, DC-######## * @param tagId Google UA/G/AW/DC Property ID to use with the Google Analytics script.
* @param {String} tagInput Google UA/G/AW/DC Property ID * @returns {string}
* @returns {boolean} */
*/ function getGoogleAnalyticsScript(tagId) {
function isValidTag(tagInput) { return "<script async src=\"https://www.googletagmanager.com/gtag/js?id=" + tagId + "\"></script>" +
const re = /^\w{1,2}-\d{8}$/g; "<script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '" + tagId + "'); </script>";
return tagInput.match(re) != null; }
}
return {
getGoogleAnalyticsScript: getGoogleAnalyticsScript,
isValidTag: isValidTag
};
})();
module.exports = GoogleAnalytics; module.exports = {
getGoogleAnalyticsScript,
isValidTag,
};
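Review bot: The pattern in `isValidTag` is looser than its doc comment: `\w` also matches digits and underscore, so inputs such as `12-12345678` or `_-12345678` pass as "1-2 Letters", and `tagInput.match` throws when the value is not a string. I would tighten it to `const re = /^[A-Za-z]{1,2}-\d{8}$/;` and `return typeof tagInput === "string" && re.test(tagInput);`; the `g` flag has no use on a fully anchored pattern and is best dropped. This matters because `getGoogleAnalyticsScript` concatenates `tagId` into both the `src` attribute and the inline `gtag('config', ...)` string without calling the validator itself, so this check is the only visible gate. Whether every real G- property ID is exactly eight digits is worth confirming before relying on the length.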