[{"@context":"https:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/blog.onlinemarketing.dk\/google-website-optimizer-sikkerhedsproblem.html#BlogPosting","mainEntityOfPage":"https:\/\/blog.onlinemarketing.dk\/google-website-optimizer-sikkerhedsproblem.html","headline":"Google website optimizer sikkerhedsproblem","name":"Google website optimizer sikkerhedsproblem","description":"Google website optimizer sikkerhedsproblem Google har rundsendt information om et sikkerhedshul i deres website optimizer. Det nuv\u00e6rende script indeholder en sikkerhedsbrist, som kan f\u00f8re til&hellip;","datePublished":"2010-12-09","dateModified":"2010-12-09","author":{"@type":"Person","@id":"https:\/\/blog.onlinemarketing.dk\/author\/admin#Person","name":"admin","url":"https:\/\/blog.onlinemarketing.dk\/author\/admin","identifier":1,"image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/ce65f41ecd392d9b2ef547aba58da9858a8cfb78bd54ce7a6acbffad581f31b2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ce65f41ecd392d9b2ef547aba58da9858a8cfb78bd54ce7a6acbffad581f31b2?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"Online Marketing","logo":{"@type":"ImageObject","@id":"https:\/\/blog.onlinemarketing.dk\/wp-content\/uploads\/2017\/05\/onlinemarketing_logo_mini.gif","url":"https:\/\/blog.onlinemarketing.dk\/wp-content\/uploads\/2017\/05\/onlinemarketing_logo_mini.gif","width":600,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/blog.onlinemarketing.dk\/wp-content\/uploads\/2017\/05\/onlinemarketing_medium.gif","url":"https:\/\/blog.onlinemarketing.dk\/wp-content\/uploads\/2017\/05\/onlinemarketing_medium.gif","width":100,"height":100},"url":"https:\/\/blog.onlinemarketing.dk\/google-website-optimizer-sikkerhedsproblem.html","about":["Google"],"wordCount":819,"articleBody":"Google website optimizer sikkerhedsproblemGoogle har rundsendt information om et sikkerhedshul i deres website optimizer.Det 
nuv\u00e6rende script indeholder en sikkerhedsbrist, som kan f\u00f8re til at der kan foretages cross-site scripting p\u00e5 det p\u00e5g\u00e6ldende website.Google anbefaler sine brugere enten at slette eksisterende eksperimenter eller at tilpasse det eksisterende script, s\u00e5ledes det forhindrer uautoriseret adgang via website optimizer scriptet, hvor ondsindede kan f\u00e5 adgang til websitet med cross-site scripting.Nye eksperimenter er ikke s\u00e5rbare overfor cross-site scripting.Find website optimizer control scriptet p\u00e5 dit website, hvis du \u00f8nsker manuelt at redigere i det og beholde allerede eksisterende eksperimenter.:A\/B Test Control Script&lt;!&#8211; Google Website Optimizer Control Script &#8211;&gt;&lt;script&gt;function utmx_section(){}function utmx(){}(function(){var k=&#8217;XXXXXXXXXX&#8217;,d=document,l=d.location,c=d.cookie;function f(n){if(c){var i=c.indexOf(n+&#8217;=&#8217;);if(i&gt;-1){var j=c.indexOf(&#8216;;&#8217;,i);return c.substring(i+n.length+1,j&lt;0?c.length:j)}}}var x=f(&#8216;__utmx&#8217;),xx=f(&#8216;__utmxx&#8217;),h=l.hash;d.write(&#8216;&lt;sc&#8217;+&#8217;ript src=&#8221;&#8216;+&#8216;http&#8217;+(l.protocol==&#8217;https:&#8217;?&#8217;s:\/\/ssl&#8217;:&#8217;:\/\/www&#8217;)+&#8217;.google-analytics.com&#8217;+&#8217;\/siteopt.js?v=1&amp;utmxkey=&#8217;+k+&#8217;&amp;utmx=&#8217;+(x?x:&#8221;)+&#8217;&amp;utmxx=&#8217;+(xx?xx:&#8221;)+&#8217;&amp;utmxtime=&#8217;+new Date().valueOf()+(h?&#8217;&amp;utmxhash=&#8217;+escape(h.substr(1)):&#8221;)+&#8216;&#8221; type=&#8221;text\/javascript&#8221; charset=&#8221;utf-8&#8243;&gt;&lt;\/sc&#8217;+&#8217;ript&gt;&#8217;)})();&lt;\/script&gt;&lt;script&gt;utmx(&#8220;url&#8221;,&#8217;A\/B&#8217;);&lt;\/script&gt;&lt;!&#8211; End of Google Website Optimizer Control Script &#8211;&gt; Multivariate Test Control Script&lt;!&#8211; Google Website Optimizer Control Script &#8211;&gt;&lt;script&gt;function utmx_section(){}function utmx(){}(function(){var 
k=&#8217;XXXXXXXXXX&#8217;,d=document,l=d.location,c=d.cookie;function f(n){if(c){var i=c.indexOf(n+&#8217;=&#8217;);if(i&gt;-1){var j=c.indexOf(&#8216;;&#8217;,i);return c.substring(i+n.length+1,j&lt;0?c.length:j)}}}var x=f(&#8216;__utmx&#8217;),xx=f(&#8216;__utmxx&#8217;),h=l.hash;d.write(&#8216;&lt;sc&#8217;+&#8217;ript src=&#8221;&#8216;+&#8216;http&#8217;+(l.protocol==&#8217;https:&#8217;?&#8217;s:\/\/ssl&#8217;:&#8217;:\/\/www&#8217;)+&#8217;.google-analytics.com&#8217;+&#8217;\/siteopt.js?v=1&amp;utmxkey=&#8217;+k+&#8217;&amp;utmx=&#8217;+(x?x:&#8221;)+&#8217;&amp;utmxx=&#8217;+(xx?xx:&#8221;)+&#8217;&amp;utmxtime=&#8217;+new Date().valueOf()+(h?&#8217;&amp;utmxhash=&#8217;+escape(h.substr(1)):&#8221;)+&#8216;&#8221; type=&#8221;text\/javascript&#8221; charset=&#8221;utf-8&#8243;&gt;&lt;\/sc&#8217;+&#8217;ript&gt;&#8217;)})();&lt;\/script&gt;&lt;!&#8211; End of Google Website Optimizer Control Script &#8211;&gt; Find denne linje i Google website optimizer scriptet: return c.substring(&#8230; Modificer denne linje: F\u00f8r: return c.substring(i+n.length+1,j&lt;0?c.length:j) Efter: return escape(c.substring(i+n.length+1,j&lt;0?c.length:j)) Husk afslutningen med parentes. 
\u201c)\u201d Fixed A\/B Control Script&lt;!&#8211; Google Website Optimizer Control Script &#8211;&gt;&lt;script&gt;function utmx_section(){}function utmx(){} (function(){var k=&#8217;XXXXXXXXXX&#8217;,d=document,l=d.location,c=d.cookie;function f(n){ if(c){var i=c.indexOf(n+&#8217;=&#8217;);if(i&gt;-1){var j=c.indexOf(&#8216;;&#8217;,i);return escape(c.substring(i+n.length+1,j&lt;0?c.length:j))}}}var x=f(&#8216;__utmx&#8217;),xx=f(&#8216;__utmxx&#8217;),h=l.hash; d.write(&#8216;&lt;sc&#8217;+&#8217;ript src=&#8221;&#8216;+&#8216;http&#8217;+(l.protocol==&#8217;https:&#8217;?&#8217;s:\/\/ssl&#8217;:&#8217;:\/\/www&#8217;)+&#8217;.google-analytics.com&#8217;+&#8217;\/siteopt.js?v=1&amp;utmxkey=&#8217;+k+&#8217;&amp;utmx=&#8217;+(x?x:&#8221;)+&#8217;&amp;utmxx=&#8217;+(xx?xx:&#8221;)+&#8217;&amp;utmxtime=&#8217;+new Date().valueOf()+(h?&#8217;&amp;utmxhash=&#8217;+escape(h.substr(1)):&#8221;)+&#8216;&#8221; type=&#8221;text\/javascript&#8221; charset=&#8221;utf-8&#8243;&gt;&lt;\/sc&#8217;+&#8217;ript&gt;&#8217;)})();&lt;\/script&gt;&lt;script&gt;utmx(&#8220;url&#8221;,&#8217;A\/B&#8217;);&lt;\/script&gt;&lt;!&#8211; End of Google Website Optimizer Control Script &#8211;&gt;Fixed Multivariate Control Script&lt;!&#8211; Google Website Optimizer Control Script &#8211;&gt;&lt;script&gt;function utmx_section(){}function utmx(){}(function(){var k=&#8217;XXXXXXXXXX&#8217;,d=document,l=d.location,c=d.cookie;function f(n){if(c){var i=c.indexOf(n+&#8217;=&#8217;);if(i&gt;-1){var j=c.indexOf(&#8216;;&#8217;,i);return escape(c.substring(i+n.length+1,j&lt;0?c.length:j))}}}var x=f(&#8216;__utmx&#8217;),xx=f(&#8216;__utmxx&#8217;),h=l.hash; d.write(&#8216;&lt;sc&#8217;+&#8217;ript 
src=&#8221;&#8216;+&#8216;http&#8217;+(l.protocol==&#8217;https:&#8217;?&#8217;s:\/\/ssl&#8217;:&#8217;:\/\/www&#8217;)+&#8217;.google-analytics.com&#8217;+&#8217;\/siteopt.js?v=1&amp;utmxkey=&#8217;+k+&#8217;&amp;utmx=&#8217;+(x?x:&#8221;)+&#8217;&amp;utmxx=&#8217;+(xx?xx:&#8221;)+&#8217;&amp;utmxtime=&#8217;+new Date().valueOf()+(h?&#8217;&amp;utmxhash=&#8217;+escape(h.substr(1)):&#8221;)+&#8216;&#8221; type=&#8221;text\/javascript&#8221; charset=&#8221;utf-8&#8243;&gt;&lt;\/sc&#8217;+&#8217;ript&gt;&#8217;)})();&lt;\/script&gt;&lt;!&#8211; End of Google Website Optimizer Control Script &#8211;&gt; Bem\u00e6rk: k=XXXXXXXXX linjen er en placeholder i control scriptet. Eksperimentet vil forts\u00e6tte som normalt, efter at du har lavet denne opdatering. Der er ingen grund til at holde pause eller genstarte eksperimentet. Hvor ligger problemet i Google website optimizer scriptet? Scriptet i den gamle version anvender data som tegn: v\u00e6rdierne fra cookierne __utmx og __utmxx inds\u00e6ttes ukodet i det script-tag, som d.write() skriver til siden. Det giver mulighed for at udf\u00f8re angreb og cross-site scripting p\u00e5 websites, der anvender scriptet. Ved at inds\u00e6tte en ESCAPE kodning tvinger man parseren (fortolkeren) til at anvende tegn som data, og dette forhindrer adgang til webstedet via scriptet. Relaterede emner:Beskyt dit website mod indeksering p\u00e5 testdom\u00e6neFlytning af websiteGoogle.dk og deres serverops\u00e6tningA-B Splittest Google AdwordsKonverteringssporing"},{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Google website optimizer sikkerhedsproblem","item":"https:\/\/blog.onlinemarketing.dk\/google-website-optimizer-sikkerhedsproblem.html#breadcrumbitem"}]}]