When passing the URL to the error reporting service there might be certain fields that - for security or clarity - may be better if stripped off.
Suggestion is to add a simple array that lists the querystring parameters which should be removed from the URL when it is passed to the logging service. For robustness the replace should be case insensitive.
Examples could include password hashes, sessionIDs, PII which should not be shared outside the system (though it should be noted that holding any PII on a querystring is a questionable action in itself outside a closed intranet environment).
Thinking of splitting the querystring using something like:
var queryAsArray = {}; // plain object used as a name -> value map
var queryString = ""; // <--- pump the queryString in here
var keyValues = queryString.split(/&/);
for (var i = 0; i < keyValues.length; i++) {
  // key[0] is the parameter name, key[1] its value
  var key = keyValues[i].split(/=/);
  queryAsArray[key[0]] = key[1];
}
then loop through the supplied list of provided querystring parameters to drop using toLower and indexOf
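// lower-case the parsed keys so the comparison is case insensitive
var lowerKeys = Object.keys(queryAsArray).map(function (k) { return k.toLowerCase(); });
if (lowerKeys.indexOf(paramToTest.toLowerCase()) >= 0) {
  // remove the item from the array
}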
then reassemble the querystring to pass on to the jsErrLog engine...
I'm sure there's probably a neater solution but will hack this up in the next day or so unless it occurs to me ;)
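One way to implement the stripping described in this issue, as an added example that is not jsErrLog's own code; the function name `stripQueryParams` and the sample URLs in the comments are assumptions. It goes slightly beyond the sketch above by splitting on the first `=` only, decoding parameter names before comparing them, and leaving the fragment untouched.

```javascript
// Added example: remove listed query-string parameters from a URL before it
// is sent to a logging service. stripQueryParams is a hypothetical helper.
function stripQueryParams(url, paramsToDrop) {
  // Lower-case the drop list once so matching is case insensitive.
  // A null-prototype object avoids clashes with names like "constructor".
  var drop = Object.create(null);
  for (var i = 0; i < paramsToDrop.length; i++) {
    drop[paramsToDrop[i].toLowerCase()] = true;
  }

  // Split off the fragment first: a "?" or "&" inside it is not query data.
  var hashAt = url.indexOf("#");
  var fragment = hashAt >= 0 ? url.slice(hashAt) : "";
  var rest = hashAt >= 0 ? url.slice(0, hashAt) : url;

  var queryAt = rest.indexOf("?");
  if (queryAt < 0) { return url; }            // no query string at all
  var base = rest.slice(0, queryAt);
  var pairs = rest.slice(queryAt + 1).split("&");

  var kept = [];
  for (var j = 0; j < pairs.length; j++) {
    if (pairs[j] === "") { continue; }         // tolerate "a=1&&b=2"
    // Split on the first "=" only: values may themselves contain "=".
    var eq = pairs[j].indexOf("=");
    var rawKey = eq >= 0 ? pairs[j].slice(0, eq) : pairs[j];
    var key;
    try {
      // Decode so an escaped name such as "pass%77ord" still matches.
      key = decodeURIComponent(rawKey.replace(/\+/g, " "));
    } catch (e) {
      key = rawKey;                             // malformed escape: compare raw
    }
    if (drop[key.toLowerCase()] !== true) {
      kept.push(pairs[j]);                      // kept pairs pass through unchanged
    }
  }
  return base + (kept.length ? "?" + kept.join("&") : "") + fragment;
}
```

Parameters carried in the fragment are not touched by this function, so a page that keeps sensitive values after `#` needs separate handling.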