Skip to main content
A
Anonymous
September 30, 2011
Question

Google Analytics <InvalidTag> CFQuery

  • September 30, 2011
  • 1 reply
  • 2413 views

We're having a problem saving Google Analytics tags to our MySQL database using ColdFusion.  The system has worked for about a year, and now the Analytics tag is changing as it is saved from <script type="text/javascript"> to <InvalidTag type="text/javascript">.  The invalid tag causes the raw code of the Google code to be visible on our web pages.  It is a problem for 11 of our 30 sites.

Here's an example Analytics tag:

<script type="text/javascript">

  var _gaq = _gaq || [];

  _gaq.push(['_setAccount', 'UA-18376273-1']);

  _gaq.push(['_trackPageview']);

  (function() {

    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;

    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';

    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);

  })();

</script>

And here's an example of a query that saves the code:

<cfquery datasource="NewScience" name="PutContent" username="***" password="***">

         UPDATE  `NewScience`.`explore3`

         SET `email` =  '#Trim(email)#',

         `google` =  '#Trim(google)#',

         `faceurl` =  '#Trim(faceurl)#',

         `fbon` =  '#Trim(fbon)#'

         WHERE  `explore3`.`ID` = #SESSION.Auth.ID# LIMIT 1 ;

    </CFQUERY>

    This topic has been closed for replies.

    1 reply

    Owainnorth
    Owainnorth
    Inspiring
    September 30, 2011

    Someone has either enabled this.ScriptProtect=true into your Application.cfc, or it has been turned on at the server level.

    A
    Anonymous
    September 30, 2011

    I coded the site and didn't include the code you have above, so it's probably enabled on the server.  Is this a security measure to protect the server against malicious scripts? What should I ask the host to do to correct it? Any specific terms you can provide would be great because this is the first I've heard of it.  Thanks!

    Owainnorth
    Owainnorth
    Inspiring
    September 30, 2011

    Indeed, it's there as a bodge-tastic way of quickly protecting from people posting script to your server. It's nasty and unconfigurable and (IMO) shouldn't really be used.

    CF Admin | Settings |

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices