matomo-org / matomo

Double encoded single quotes in goal names #13828

Closed mattab closed 5 years ago

mattab commented 5 years ago

Reproduce

in Goals

See the below screenshots of Goal overview and Manage goals showing the double encoding:

new goal

hello world

in Forms

Similar issue in Form Analytics: form description

Maybe a regression from https://github.com/matomo-org/matomo/pull/13715

Would be valuable to add some UI tests that would catch the issue.

sgiehl commented 5 years ago

That's a more global and general issue of our input sanitize.

For goals we send the values using encodeURIComponent. That kind of circumvents the automatic input sanitize for all chars except - _ . ! ~ * ' ( ), which are kept untouched. Thus the ' is stored as ' in the database. Will create a PR to fix that partially. But imho it would make most sense to finally get rid of the global input sanitize.
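
The double encoding discussed in this thread, as an added example that is not part of the original comments or Matomo's code: it checks which punctuation encodeURIComponent leaves literal, then compares entity-encoding a goal name at input and again at output with encoding it once at output. `htmlEscape` and both render functions are hypothetical stand-ins for a sanitizer and a template, and the goal name is constructed.

```javascript
// Simplified model of the double-encoding bug. htmlEscape stands in for any
// entity-encoding step; it is an assumption, not Matomo's sanitizer.
function htmlEscape(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;',
  }[c]));
}

// ASCII punctuation that encodeURIComponent passes through unchanged.
function untouchedPunctuation() {
  let out = '';
  for (let code = 0x20; code < 0x7f; code++) {
    const ch = String.fromCharCode(code);
    if (!/[A-Za-z0-9]/.test(ch) && encodeURIComponent(ch) === ch) out += ch;
  }
  return out;
}

// Model A (hypothetical): a global input sanitizer entity-encodes the value
// before storage, and the template escapes it again when rendering.
function renderWithInputSanitize(name) {
  const stored = htmlEscape(name);   // already entity-encoded at rest
  return htmlEscape(stored);         // the '&' of the entity is escaped again
}

// Model B (hypothetical): the raw value is stored and escaped exactly once,
// at the output boundary.
function renderOutputOnly(name) {
  const stored = name;
  return htmlEscape(stored);
}

const goalName = "Bob's goal";       // constructed sample input
console.log(untouchedPunctuation());             // chars sent literally
console.log(encodeURIComponent("Bob's <goal>")); // quote stays a quote
console.log(renderWithInputSanitize(goalName));  // browser shows the entity text
console.log(renderOutputOnly(goalName));         // browser shows the quote
```

A UI test of the kind requested in the issue can assert that the rendered markup for a name containing `'` never contains `&amp;#`.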

tsteur commented 5 years ago

> But imho it would make most sense to finally get rid of the global input sanitize

That would be awesome. Also causes issues e.g. in tag manager https://github.com/matomo-org/tag-manager/issues/134 . Not sure if it will ever be possible to fully get rid of it though as it could cause so many issues. Best might be to support it slowly and refactor it step by step. Like if a variable starts with underscore _ in API, it gets it unserialized or something like that. Or maybe it can be configured somehow.

diosmosis commented 5 years ago

Should be fixed in 3.x-dev