Feature - Google Analytics - Simplified Module & Escaped the Script to prevent XXS.

This commit is contained in:
c 2023-01-12 13:17:26 +00:00
parent fb2999706c
commit 3ff0cbe311
2 changed files with 29 additions and 29 deletions

View file

@ -56,7 +56,10 @@ class StatusPage extends BeanModel {
await StatusPage.getStatusPageData(statusPage).then( (page) => {
if (page.config?.googleAnalyticsId) {
head.append($(googleAnalytics.getGoogleAnalyticsScript(page.config.googleAnalyticsId)));
let escapedGoogleAnalyticsScript = jsesc(googleAnalytics.getGoogleAnalyticsScript(page.config.googleAnalyticsId), {
"isScriptContext": true
});
head.append($(escapedGoogleAnalyticsScript));
}
});

View file

@ -1,30 +1,27 @@
let GoogleAnalytics = (() => {
/**
* Returns a string that represents the javascript that is required to insert the Google Analytics scripts
* into a webpage.
* @param tagId Google UA/G/AW/DC Property ID to use with the Google Analytics script.
* @returns {string}
*/
function getGoogleAnalyticsScript(tagId) {
return "<script async src=\"https://www.googletagmanager.com/gtag/js?id=" + tagId + "\"></script>" +
"<script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '" + tagId + "'); </script>";
}
/**
* Returns true if the tag conforms to the format of 1-2 Letters followed by a dash and 8 numbers.
* This should take care of the following property tag formats:
* UA-########, G-########, AW-########, DC-########
* @param {String} tagInput Google UA/G/AW/DC Property ID
* @returns {boolean}
*/
function isValidTag(tagInput) {
const re = /^\w{1,2}-\d{8}$/g;
return tagInput.match(re) != null;
}
/**
* Returns true if the tag conforms to the format of 1-2 Letters followed by a dash and 8 numbers.
* This should take care of the following property tag formats:
* UA-########, G-########, AW-########, DC-########
* @param {String} tagInput Google UA/G/AW/DC Property ID
* @returns {boolean}
*/
function isValidTag(tagInput) {
const re = /^\w{1,2}-\d{8}$/g;
return tagInput.match(re) != null;
}
return {
getGoogleAnalyticsScript: getGoogleAnalyticsScript,
isValidTag: isValidTag
};
})();
/**
* Returns a string that represents the javascript that is required to insert the Google Analytics scripts
* into a webpage.
* @param tagId Google UA/G/AW/DC Property ID to use with the Google Analytics script.
* @returns {string}
*/
function getGoogleAnalyticsScript(tagId) {
return "<script async src=\"https://www.googletagmanager.com/gtag/js?id=" + tagId + "\"></script>" +
"<script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date());gtag('config', '" + tagId + "'); </script>";
}
module.exports = GoogleAnalytics;
module.exports = {
getGoogleAnalyticsScript,
isValidTag,
};