authorDavid Snopek2012-11-27 18:03:36 (GMT)
committer David Snopek2012-11-27 18:03:36 (GMT)
commit7dbd7158316be9a7b6268345e9d2669859083b96 (patch)
tree4329f81135875cc4ea9448d1e937664c59ecd9ea
parent4431379d9b97463c3b195096c1124ce1a160242f (diff)
Issue #1762886 by dsnopek: Fix adding Mixpanel token to page.6.x-1.1
-rw-r--r--mixpanel.module8
1 files changed, 5 insertions, 3 deletions
diff --git a/mixpanel.module b/mixpanel.module
index cd6c434..ceffe97 100644
--- a/mixpanel.module
+++ b/mixpanel.module
@@ -15,11 +15,13 @@ function mixpanel_init() {
$defaults_wrapped = array('defaults' => mixpanel_get_defaults());
drupal_add_js(array('mixpanel' => $defaults_wrapped), 'setting');
}
- // Add the Mixpanel tracking code to HTML Head.
- $mixpanel_init_code = <<<code
+ // Convert the token string to JavaScript to prevent an XSS attack
+ $token = drupal_to_js($token);
+ // Add the Mixpanel tracking code to HTML Head.
+ $mixpanel_init_code = <<<code
<script type="text/javascript">
var mpq = [];
-mpq.push(["init", "$token"]);
+mpq.push(["init", $token]);
(function() {
var mp = document.createElement("script"); mp.type = "text/javascript"; mp.async = true;
mp.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') + "//api.mixpanel.com/site_media/js/api/mixpanel.js";
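Review bot: The added line `$token = drupal_to_js($token);` overwrites the raw token with its quoted JavaScript literal, so any later use of `$token` in mixpanel_init() (the body continues outside this hunk) would receive the encoded form, quotes included. Keeping the encoded value in its own variable avoids that: `$token_js = drupal_to_js($token);` and `mpq.push(["init", $token_js]);`. The comment should also record why the literal quotes were dropped from the heredoc, e.g. `// drupal_to_js() returns a quoted JS string literal with <, > and & escaped, so the heredoc must not add its own quotes.` Output encoding is the only guard visible in this hunk, so validating the token format where the setting is saved would be a sensible second layer, if the settings form does not already do that.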