Escape JavaScript parameters
Only considering \ and ' so far. There might be others that also need
to be escaped.
hpique committed Aug 20, 2012
1 parent 188df0c commit 003946d
Showing 1 changed file with 35 additions and 14 deletions.
49 changes: 35 additions & 14 deletions GAJavaScriptTracker/GAJavaScriptTracker.m
Expand Up @@ -9,6 +9,23 @@
#import "GAJavaScriptTracker.h"
#import "GAJSWebViewEngine.h"

static NSString* GAEscapeNSString(NSString* value) {
if (!value) return nil;
const char *chars = [value UTF8String];
NSMutableString *escapedString = [NSMutableString string];
while (*chars) {
if (*chars == '\\') {
[escapedString appendString:@"\\\\"];
} else if (*chars == '\'') {
[escapedString appendString:@"\\'"];
} else {
[escapedString appendFormat:@"%c", *chars];
}
++chars;
}
return escapedString;
}

@implementation GAJavaScriptTracker {
GAJSWebViewEngine *_JSEngine;
}
Expand All @@ -21,6 +38,7 @@ @implementation GAJavaScriptTracker {
@synthesize batchInterval=_batchInterval;
@synthesize batchSize=_batchSize;


// This method tries to find a tracker for the specified Google Analytics account ID (the string that begins with "UA-") in an internal List. If no tracker is up, it inits a new one :D
+ (id)trackerWithAccountID:(NSString *)accountID {
static NSMutableDictionary *gaJavaScriptTrackerAvailableTrackers = nil;
Expand Down Expand Up @@ -66,26 +84,26 @@ -(void)start {

if(self.debug)
NSLog(@"[GAJST] allocate engine");

_JSEngine = [[GAJSWebViewEngine alloc] init];
if(!_JSEngine) {
@throw [NSException exceptionWithName:@"GAJSException"
reason:@"Failed to load JavaScriptEngine"
userInfo:nil];
}


id anonymize = @"_gaq.push(['_anonymizeIp']);";
id str = [NSString stringWithFormat:@"var _gaq = _gaq || [];\n\
_gaq.push(['_setAccount', '%@']);\n\
_gaq.push(['_setDomainName', 'none']);\n\
%@", _accountID, _anonymizeIp ? anonymize : @""];

_gaq.push(['_setAccount', '%@']);\n\
_gaq.push(['_setDomainName', 'none']);\n\
%@", _accountID, _anonymizeIp ? anonymize : @""];
if(self.debug)
NSLog(@"[GAJST] Load html and set INITIAL_GA: %@", str);

_JSEngine.htmlName = @"main";
_JSEngine.htmlVariables = [NSDictionary dictionaryWithObject:str forKey:@"INITIAL_GA"];
_JSEngine.htmlVariables = [NSDictionary dictionaryWithObject:str forKey:@"INITIAL_GA"];
_JSEngine.debugwebview = _debugwebview;
if(self.debug)
[_JSEngine runJS:@"alert(_gaq)"];
Expand All @@ -98,11 +116,11 @@ -(void)start {
//stops this tracker
-(void)stop {
assert(_JSEngine);

if(self.debug)
NSLog(@"[GAJST] flush the engine [if the webview is not loaded, this may loose a batch.]");
[_JSEngine flushJS];

if(self.debug)
NSLog(@"[GAJST] release engine");

Expand Down Expand Up @@ -151,14 +169,14 @@ - (BOOL)executeScript:(NSString*)js {
// character if pageURL doesn't start with one.
- (BOOL)trackPageview:(NSString *)pageURL
withError:(NSError **)error {

if(!pageURL.length) {
@throw [NSException exceptionWithName:@"GAJSException"
reason:@"No pageURL for trackPageview"
userInfo:nil];
}

id js = [NSString stringWithFormat:@"_gaq.push(['_trackPageview', '%@'])", pageURL];
id js = [NSString stringWithFormat:@"_gaq.push(['_trackPageview', '%@'])", GAEscapeNSString(pageURL)];
return [self executeScript:js];
}

Expand All @@ -172,7 +190,7 @@ - (BOOL)trackEvent:(NSString *)category
label:(NSString *)label
value:(NSInteger)value
withError:(NSError **)error {

if(!category.length) {
@throw [NSException exceptionWithName:@"GAJSException"
reason:@"No category for trackEvent"
Expand All @@ -183,6 +201,9 @@ - (BOOL)trackEvent:(NSString *)category
reason:@"No action for trackEvent"
userInfo:nil];
}
category = GAEscapeNSString(category);
action = GAEscapeNSString(action);
label = GAEscapeNSString(label);

id js;
if(label && value>=0) {
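Review bot: GAEscapeNSString walks the `UTF8String` bytes and appends each one with `%c`, so any non-ASCII character in a page URL, category, action or label is split into separate bytes and corrupted; the loop should iterate UTF-16 units of the NSString instead. The escaper also leaves line terminators alone: `\n`, `\r`, U+2028 and U+2029 end a single-quoted JavaScript literal, so a value containing one breaks the `_gaq.push(...)` statement and, depending on how executeScript evaluates the string, may let the remainder of the value be parsed as script. In `-start`, `_accountID` is still formatted into the `'_setAccount'` literal without passing through the escaper. A rewrite of the helper covering the first two points follows; whether the value substituted for `INITIAL_GA` needs HTML-level encoding as well cannot be judged from this page.

```objc
static NSString* GAEscapeNSString(NSString* value) {
    if (!value) return nil;
    NSUInteger length = [value length];
    NSMutableString *escapedString = [NSMutableString stringWithCapacity:length];
    for (NSUInteger i = 0; i < length; i++) {
        // Work on UTF-16 units so multi-byte characters survive unchanged.
        unichar c = [value characterAtIndex:i];
        switch (c) {
            case '\\':   [escapedString appendString:@"\\\\"];    break;
            case '\'':   [escapedString appendString:@"\\'"];     break;
            // Line terminators would end the JavaScript string literal.
            case '\n':   [escapedString appendString:@"\\n"];     break;
            case '\r':   [escapedString appendString:@"\\r"];     break;
            case 0x2028: [escapedString appendString:@"\\u2028"]; break;
            case 0x2029: [escapedString appendString:@"\\u2029"]; break;
            default:
                [escapedString appendString:[NSString stringWithCharacters:&c length:1]];
                break;
        }
    }
    return escapedString;
}
```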