Extending Oxite site setting to include a tracking script.

Apr 30, 2009 at 9:01 AM
Hi,

After installing Oxite I spotted that I also needed to make sure that my Goggle Analytics script was included so that I can track site traffic in the first instance I added the script to the master page. This script looks like this:

    <script type="text/javascript">
        var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
        document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
    </script>
    <script type="text/javascript">
        try {
            var pageTracker = _gat._getTracker("UA-##########");
            pageTracker._trackPageview();
        } catch (err) { }
    </script>

Job done. Well yes and no, this got me thinking, if Oxite is to become another install and go type project then it would be best if the tracking script was part of the site settings (as in blogengine.net) so why not add a trackingscript field to the site table and then have the master page send that out from the database.

All done I have added the field in extended MVC etc to include it but when I tried to add the script through the site settings page I get the old validation error:

A potentially dangerous Request.Form value was detected from the client (siteTrackingScript="    <script type="text/j...").

I have tried all the normal ASP.NET ways of stopping this error (ValidateRequest):

<%

@ Page Language="C#" AutoEventWireup="true" MasterPageFile="~/Views/Shared/Admin.master" Inherits="System.Web.Mvc.ViewPage<OxiteModelItem<Site>>" ValidateRequest="false" %>

But no luck :(

Does anybody know how to stop Oxite (MVC?) from throwing the error on the page?

Apr 30, 2009 at 4:14 PM
Edited Apr 30, 2009 at 4:16 PM

Bingo :

http://www.coderjournal.com/2009/02/potentially-dangerous-requestform-detected-aspnet-mvc/

So in the Site controller :

[ValidateInput(false)]
[ActionName("Item"), AcceptVerbs(HttpVerbs.Post)]
public virtual object SaveItem(Site siteInput, User userInput, FormCollection form)

 

Isn't it great when you answer your own questions!

 

 

 

 

 

 

 

Coordinator
Apr 30, 2009 at 4:56 PM
Yes, it is great when you can answer your own question.  Yay!

As I mentioned on Twitter...in the future, this should become a plugin.  Also, if you look at the latest checkins there is now a oxite_Setting table and some APIs to allow you to set Scope (like Site, Plugin, Area, Post, Page, etc) a name (string) and an object in the DB and retrieve it later.  So you could have a Google Analytics plugin that can generically insert the script into the final render of the page with a setting for your account.  Good times head.  :)
Mar 31, 2010 at 8:27 PM

I'm using Oxite with MVC 2 and asp 4.0 and that didn't work for me..

In addition to writing [ValidateInput(false)], you need to add this line to web.Config 

<httpRuntime requestValidationMode="2.0" />