Support » Plugin: Google Analytics for WordPress by MonsterInsights » Need to stripslashes for the Custom Code field

  • Resolved Stephen Cronin

    (@stephencronin)


    The plugin allows the user to enter JavaScript code that’s added to the Google Analytics code, via the Custom Code field. However, it doesn’t stripslashes when adding it to the page. As a result the custom code doesn’t work, at least in some cases, because the slashes change the meaning of the JavaScript code.

    For example, if you add the following to the Custom Code field:

    _gaq.push([‘_trackPageLoadTime’]);

    the following is added to the page:

    _gaq.push([\’_trackPageLoadTime\’]);

    Now the JavaScript is escaping the quote marks, which is not what we want. These slashes need to be stripped when adding the contents of this field to the Google Analytics code.

    I understand that we should “never trust the user”, and that’s fine when they are entering information to display. However, when they are entering code that is going to be executed, they have to be trusted. If you really don’t trust them, then you don’t give them the ability to add code.

    Bear in mind that anyone who has access to enter information in this field probably has access to the Plugin and Theme Editors, where they can certainly enter code that is executed.

    I’ve written a post (How To Set Up Site Speed For Google Analytics In WordPress), which includes information on how to hack the plugin to stripslashes when this field is added to the code (and when displayed in the Settings page, or it adds slashes upon slashes).

    Joost, is there any chance of getting this added to the plugin? Or is there something that I’m missing? Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Need to stripslashes for the Custom Code field’ is closed to new replies.