Filter passed URL fields #12
Comments
ghost
assigned 
|
thinking split the querystring using something like var queryAsArray = new Array(); then loop through the supplied list of provided querystring parameters to drop using toLower and indexOf then reassemble the querystring to pass on to the jsErrLog engine... I'm sure there's probably a neater solution but will hack this up in the next day or so unless it occurs to me ;) |
|
made some changes. will test, document and check in tomorrow |
|
Fixes added, v1.3, Commit |
When passing the URL to the error reporting service there might be certain fields that - for security or clarity - may be better if stripped off.
suggestion is to add a simple array that lists the querystring parameters which should be removed from the URL when it is passed to the logging service. For robustness the replace should be case insensitive.
examples could include password hashes, sessionIDs, PII which should not be shared outside the system (though it should be noted that holding any PII on a querystring is a questionable action in itself outside a closed intranet environment)
The text was updated successfully, but these errors were encountered: