Skip to content

v8.6#160

Merged
sanason merged 1 commit intomasterfrom
v8.6
Feb 12, 2025
Merged

v8.6#160
sanason merged 1 commit intomasterfrom
v8.6

Conversation

@ahmedawwad
Copy link
Copy Markdown
Contributor

@ahmedawwad ahmedawwad commented Feb 11, 2025

  • Page location, remove the www., so that all hostnames will be unified (www.nasa.gov will be nasa.gov)
  • All other data points for .gov and .mil we'll remove the www.
  • All other data points for non (gov and mil), do not remove www.
  • Added additional dimension "hostname_dimension" to fix the sub-property leaky filters.
  • Added whitelist parameters (product1 and wwa) to NOAA/DOC agency
  • Added whitelist parameters (Topic and TitleID) for NASA agency
  • Moved the lon and lat parameters from DOC agency only to the general parameters as they might exist in different agencies

@ahmedawwad
v8.6
963f46e 
Page location, we’ll remove the www., so that all hostnames will be unified (www.nasa.gov will be nasa.gov)
All other data points for .gov and .mil we'll remove the www.
All other data points for non (gov and mil),  do not remove www.
Added additional dimension "hostname_dimension" to fix sub-property leaky filters.
Added whitelist parameter (product1 and wwa) for NOAA/DOC agency
Added whitelist parameter (Topic and TitleID) for NASA agency
Moved the lon and lat parameters from DOC agency only to the general parameters as they might exist in different agencies
github-advanced-security[bot]
github-advanced-security AI found potential problems Feb 11, 2025
View reviewed changes
Comment thread Universal-Federated-Analytics.js
function _setAllowedQS() {
var queries = {
"default": ["utm_id", "utm_source", "utm_medium", "utm_campaign", "utm_term", "utm_content", "utm_source_platform", "utm_creative_format", "utm_marketing_tactic", "gbraid", "wbraid", "_gl", "gclid", "dclid", "gclsrc", "affiliate", "dap-dev-env", "v"],
"default": ["utm_id", "utm_source", "utm_medium", "utm_campaign", "utm_term", "utm_content", "utm_source_platform", "utm_creative_format", "utm_marketing_tactic", "gbraid", "wbraid", "_gl", "gclid", "dclid", "gclsrc", "affiliate", "dap-dev-env", "v", "lat", "lon"],

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on [library input](2) may run slow on strings starting with 'http://a' and with many repetitions of 'aa'. This [regular expression](1) that depends on [library input](3) may run slow on strings starting with 'http://a' and with many repetitions of 'aa'.
@ahmedawwad ahmedawwad requested a review from sanason February 11, 2025 20:32
@sanason
Copy link
Copy Markdown
Member

sanason commented Feb 12, 2025

@ahmedawwad Could you explain how "hostname_dimension" will solve the leaky filter problem? It's not clear to me.

@ahmedawwad
Copy link
Copy Markdown
Contributor Author

ahmedawwad commented Feb 12, 2025
edited
Loading

@ahmedawwad Could you explain how "hostname_dimension" will solve the leaky filter problem? It's not clear to me.
@sanason

Currently we are using the full URL to filter data into subproperties. The data leaks happen when a hostname exists in a query string parameter, not just the hostname. it's included where it shouldn't.
We created another regex to account for this case, but the Google engine doesn't support it.
Now that we can filter based on custom dimensions, having the only the hostname populated in this dimension, then we modify the sub property filters to rely on this dimension instead of the full URL, will resolve the issue and prevent the leakage.
After all agencies migrate to 8.6, we'll reconfigure subproperties updating the filters to rely on the new dimension.

sanason
sanason reviewed Feb 12, 2025
View reviewed changes
Comment thread Universal-Federated-Analytics.js
[oCONFIG.MAIN_HOSTNAME_DIMENSION]: oCONFIG.HOSTNAME.toLowerCase()
};
((document.referrer && -1 !== document.referrer.search(location.hostname)) ? (r.page_referrer = _scrubbedURL(document.referrer)) : document.referrer);
((document.referrer && -1 !== document.referrer.search(location.hostname)) ? (r.page_referrer = _scrubbedURL(document.referrer)) : (r.page_referrer = document.referrer));
Copy link
Copy Markdown
Member

@sanason sanason Feb 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ahmedawwad Could you explain this page_referrer change?

@sanason sanason self-requested a review February 12, 2025 20:23
@sanason sanason merged commit 6b0e1ff into master Feb 12, 2025
@sanason sanason deleted the v8.6 branch January 9, 2026 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sanason sanason sanason approved these changes

+1 more reviewer

@levinmr levinmr levinmr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ahmedawwad @sanason @levinmr @github-advanced-security