False positive Tracker error: Attempted XSS Injection

I’m trying to figure out some issues. Finally, I figure out source of tracker errors:

203 Attempted XSS Injection: android-app://com.google.android.gm (IP: x.x.x.x)

Тhis is valid traffic coming from android phones!

com.google.android.googlequicksearchbox is part of the Google Search app for Android. If you pay attention to the first two words, Android you will see that it’s google.com written backward. This is a common way of naming apps in Android. If you check the URL of the Google app in the Play store you will find the same name:

https://play.google.com/store/apps/details?id=com.google.android.googlequicksearchbox

com.google.android.gm is another referral that has been showing lately on Google Analytics. This referral comes from the Gmail android application.

https://play.google.com/store/apps/details?id=com.google.android.gm

More info on:
https://www.ohow.co/what-is-com-google-android-googlequicksearchbox-referral-google-analytics/
https://www.evoluted.net/thinktank/marketing/what-is-com-google-android-googlequicksearchbox-referral-in-google-analytics

These errors aren’t real XSS Injection and I was little confused. I’m not sure which is good solution, but for now, you can add android-app in line 289:

                      if ( !empty( $referer[ 'scheme' ] ) && !in_array( strtolower( $referer[ 'scheme' ] ), array( 'http', 'https', 'android-app' ) ) ) {
                              self::_set_error_array( sprintf( __( 'Attempted XSS Injection: %s (IP: %s)', 'wp-slimstat' ), self::$stat[ 'referer' ], self::$stat[ 'ip' ] ), false, 203 );
                              self::$stat[ 'notes' ][] = sprintf( __( 'Attempted XSS Injection: %s', 'wp-slimstat' ), self::$stat[ 'referer' ] );
                              unset( self::$stat[ 'referer' ] );  
                      }

Sasa

• This topic was modified 7 years, 6 months ago by Sa?a.
• This topic was modified 7 years, 6 months ago by Sa?a.