堆栈内存溢出
  简体   繁体   English

动态地将Google Analytics(分析)跟踪代码包含到asp.net页面中

[英]Dynamically including Google Analytics tracking code into asp.net page

 原文  2014-05-30 13:51:22       javascript/ asp.net/ google-analytics

问题描述

There is a request on a project which maps the following case: 一个项目的请求映射了以下情况:

The client can save Google Analytics tracking code using a page. 客户端可以使用页面保存Google Analytics(分析)跟踪代码。 This code then, is inserted at runtime into the master's page website dynamically. 然后,此代码在运行时动态地插入到母版页网站中。

The part of inserting the script into the master's page was an easy one. 将脚本插入母版页的过程很简单。 One thing that I'm struggling with is the requirement of creating a page where the user can past the Google Analytics javascript code and save it to a sql server table. 我正在努力解决的一件事是需要创建一个页面,用户可以在该页面上粘贴Google Analytics(分析)JavaScript代码并将其保存到sql服务器表中。

Not the page itself but the security concerns. 不是页面本身,而是安全问题。 If I let the user to input any javascript code, save it to a database, then this code is inject at runtime into the master's page, I believe there's a HUGE security breach right there. 如果我让用户输入任何JavaScript代码,然后将其保存到数据库中,那么该代码将在运行时注入到母版页中,我相信那儿确实存在巨大的安全漏洞。

My question is, how can I implement this with security but still let the freedom for the user to insert the script? 我的问题是,如何在实现安全性的同时又让用户自由插入脚本? Is there a way to check if the script inserted is a real google analytics and not some malicious script? 有没有办法检查所插入的脚本是否是真实的Google Analytics(分析)而不是某些恶意脚本? I have done a lot of research but could not find anything usefull, so I believe SO is my last option. 我做了很多研究,但是找不到任何有用的东西,因此我相信SO是我的最后选择。

1 个解决方案

解决方案1
 0 已采纳  2014-05-30 13:54:56

I would think your best bet is to always keep the GA template, only allowing the "administrator" to pass in the GA account variables, and any code that would go in the "middle" - for example, event tracking code, etc. 我认为您最好的选择是始终保留GA模板,只允许“管理员”传递GA帐户变量以及“中间”的任何代码-例如事件跟踪代码等。

That being said.. I understand your concerns.. and they are valid.. but how often will this code change? 话虽如此..我理解您的担心..并且它们是有效的..但是此代码多久更改一次? And since it's code, shouldn't it be tested prior to implementation? 而且由于它是代码,因此在执行之前是否应该对其进行测试? Perhaps the best methodology is to have any of these requests go through the development team, and source control, and QA, and then production release? 也许最好的方法是让所有这些请求都经过开发团队,源代码控制,质量保证以及生产发布? In that regard, you can just "inject" this code from a local txt file, etc, so it's still somewhat plug and play, but with some source management around it... 在这方面,您可以只从本地txt文件等中“注入”此代码,因此它仍然可以即插即用,但是周围有一些源代码管理...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在ASP.NET映像上跟踪Google Analytics(分析) - Tracking Google Analytics on ASP.NET Image 在不跟踪该网页的情况下在网页上添加Google分析? - Including google analytics on a page without tracking that page? Google Analytics(分析)代码应位于asp.net的母版页还是每一页中? - Google Analytics code should be in master page or every page of asp.net? 使用 Google Analytics 时 ASP.NET 页面上的回发失败 - Postback fails on ASP.NET page when using Google Analytics 在asp.net网络应用程序中包含Google Analytics(分析)JavaScript代码 - Include Google analytics javascript code in asp.net web application 如何使用服务器ASP.NET MVC C#发送“谷歌分析”和“ hotjar”跟踪客户端事件 - How to send “google analytics” and “hotjar” tracking client events using server ASP.NET MVC C# 之后,在页面底部动态添加Google Analytic跟踪代码 </Form> 标签 - Including Google Analytic tracking code dynamically at bottom of page after </Form> tag Google Analytics(分析) - 跟踪包含父级的多个属性 - Google Analytics - Tracking Multiple Properties Including Parent 从页面上的Google Analytics(分析)跟踪代码获取帐户ID - Get account ID from Google Analytics Tracking code on page Google Analytics(分析)代码,用于在一个页面中跟踪2个域 - Google Analytics code for tracking 2 domains for one single page
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM