Alexa atrk_acct ID – slash encoding (adding backslash)

  • Resolved Nikita_Sp

    (@nikitasp)


    4 years, 5 months ago

    Hi Weston!

    It’s me again ??
    First of all want to thanks again for this awesome plugin, it’s nice too see it grows.

    But there is an issue with amp_post_template_analytics hook when I add the Alexa metrics to certify my website using this manual: https://amp-wp.org/documentation/getting-started/analytics/#reader-mode

    The thing is my Alexa atrk_acct ID has / in the identifier. So on the page I’ve get \/ in the atrk_acct parameter.

    And we can’t certify the website, because Alexa needs >60% coverage with the analytics code.

    Here is what support says:

    Hi,

    Thanks for reaching out. We checked the page you specified (https://******/*****/****/amp) and found the code in your “amp-code.jpg” screenshot, however that is not the exact code that we provide on the https://www.alexa.com/pro/tagcoverage?sid=*******&site=****** page.

    This is the code in your screenshot and in the page HTML:

    <script src="https://cdn.ampproject.org/v0/amp-analytics-0.1.js" async="" custom-element="amp-analytics"></script>

    and

    <amp-analytics id="alexa" type="alexametrics" class="i-amphtml-layout-fixed i-amphtml-layout-size-defined" style="width:1px;height:1px;" i-amphtml-layout="fixed"><script type="application/json">{"vars":{"atrk_acct":"XX\/XXXXX","domain":"XXXXX.COM"}}</script></amp-analytics>

    Whereas this is the code we provide:

    <script async custom-element="amp-analytics" src="https://cdn.ampproject.org/v0/amp-analytics-0.1.js"></script>

    and

    <!-- Start Alexa AMP Certify Javascript -->
<amp-analytics type="alexametrics">
<script type="application/json"> {"vars": { "atrk_acct": "XX/XXXXXXX", "domain": "XXXX.COM" }}</script>
</amp-analytics>
<!-- End Alexa AMP Certify Javascript -->

    Here are the specific differences:

    • Your first code has extra =”” characters after async.
    • Your second code has a lot of extra parameters in the amp-analytics tag.
    • The second code is missing all of the necessary spacing in the {“vars”: { – “atrk_acct”: “XX/XXXXXX”, “domain”: “XXXXX.COM” }}?section.
    • The second code has an extra character in the atrk id (XX\/XXXXXXX instead of XX/XXXXXX.

    Please remove the current code and replace it with the code that we provide on the https://www.alexa.com/pro/tagcoverage?sid=XXXXX&site=XXXXXXX page.
    Cheers,
    Debbie
    Alexa Customer Support

    I think the main issue is not the spaces (it sound ridiculous), but the backslash.
    Really many thanks!

    • This topic was modified 4 years, 5 months ago by Nikita_Sp.
    • This topic was modified 4 years, 5 months ago by Nikita_Sp. Reason: formatting output
Viewing 5 replies - 16 through 20 (of 20 total)
  • Thread Starter Nikita_Sp

    (@nikitasp)

    @westonruter Yeah, I understand, a few weeks ago got catch an XSS-attack to one of my websites.

    But should the plugin has reduced functionality because of possible attacks on the website? If website’s owner doesn’t watch and care about his source I think intruders would find a way to make something they want.

    For example if they can access admin previleges, than they could add code to the source code directly from admin editors (theme editor, plugin editor, etc).

    Here is my humble suggestion and idea – what if the code from function.php won’t escape slashes, and if user use admin section – apply filters?

    • This reply was modified 4 years, 5 months ago by Nikita_Sp.
    Plugin Author Weston Ruter

    (@westonruter)

    Your suggestion is basically the current state. You can add your own code in functions.php as per above which will avoid having escaping slashes added. If the data comes from user input in any way, then it will be escaped.

    Thread Starter Nikita_Sp

    (@nikitasp)

    @westonruter I was talking about (as it seems to me) the right (correct) way of implementation.

    add_filter( 'amp_post_template_analytics', 'my_analytics_function' );

    But it seems this filter adds analytics to the same variable that escapes.
    So the solution you provide is the one. Thanks.

    Plugin Author Weston Ruter

    (@westonruter)

    @nikitasp Now that you mention it, there is a dedicated action fires when printing AMP analytics which was introduced for just this purpose. You can use this action instead to further simplify the code:

    function my_print_alexametrics_code() {
	?>
	<amp-analytics type="alexametrics">
		<script type="application/json">{"vars": { "atrk_acct": "XX/XXXXXXX", "domain": "XXXX.COM" }}</script>
	</amp-analytics>
	<?php
}
add_action( 'amp_print_analytics', 'my_print_alexametrics_code' );

    This amp_print_analytics action was introduced just for this purpose of printing custom analytics.

    Thread Starter Nikita_Sp

    (@nikitasp)

    @westonruter Thanks.

    • This reply was modified 4 years, 5 months ago by Nikita_Sp.
Viewing 5 replies - 16 through 20 (of 20 total)
  • The topic ‘Alexa atrk_acct ID – slash encoding (adding backslash)’ is closed to new replies.