Re: CSP and web analytics

2011/6/8 Adam Barth <w3c@adambarth.com>

> > For example:
> >
> > <a href="#settings"
> onclick="_trackEvent('openPage','settings')">Settings</a>
> >
> > If you want this to work with CSP you need to add an id to the anchor,
> > then in another script do:
> > document.getElementById(...).addEventListener(...,function(){
> >    _trackEvent('openPage','settings')
> > }, false)
> >
> > Or something like that (maybe you can make it easier with
> > data-event/data-page attributes or so).
>
> Or just:
>
> $("#settings").live("click", function() {
> _trackEvent('openPage','settings'); });
>
> in jQuery speak.
>

Google actually has a video tutorial where JavaScript coding style for the
web is divided into three levels (
http://code.google.com/intl/en/edu/submissions/html-css-javascript/):

   1. Inline event handlers  deemed bad practice
   2. Inline code blocks  deemed OK practice
   3. Code in files loaded in <head> plus a separate script block with a
   call to an initialize() function at the end of <body>  good practice

I don't think pushing it to file-only is a far stretch. We try to have a
strict three layer design at my org.

We've decided to try to make CSP fly which is why we're starting to hit the
bumps. Web analytics came first.

   /John

-- 
John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee<http://owaspsweden.blogspot.com>

Received on Wednesday, 8 June 2011 18:45:49 UTC