Title: Custom vars aren't escaped, breaks the analytics javascript Last modified: August 22, 2016 --- # Custom vars aren't escaped, breaks the analytics javascript * [Robert O’Rourke](https://wordpress.org/support/users/sanchothefat/) * (@sanchothefat) * [11 years, 9 months ago](https://wordpress.org/support/topic/custom-vars-arent-escaped-breaks-the-analytics-javascript/) * Hi Joost, * I found a bug – it often comes up because of my surname “O’Rourke” * The apostrophe breaks more sites and reveals more SQL injection holes around the web than you’d believe! * In your plugin when I add the author as a custom var it was using my surname as part of it but without stripping or escaping the quote. It’s not the end of the world but I’ve lost about 2 weeks of data. * The fix would be to add something to the `str_clean()` method in class-frontend. php or perhaps just run it through `sanitize_key()` before the `remove_accents()` call. * Cheers, Rob * [https://wordpress.org/plugins/google-analytics-for-wordpress/](https://wordpress.org/plugins/google-analytics-for-wordpress/) The topic ‘Custom vars aren't escaped, breaks the analytics javascript’ is closed to new replies. * ![](https://ps.w.org/google-analytics-for-wordpress/assets/icon.svg?rev=2976619) * [MonsterInsights - Google Analytics Dashboard for WordPress (Website Stats Made Easy)](https://wordpress.org/plugins/google-analytics-for-wordpress/) * [Frequently Asked Questions](https://wordpress.org/plugins/google-analytics-for-wordpress/#faq) * [Support Threads](https://wordpress.org/support/plugin/google-analytics-for-wordpress/) * [Active Topics](https://wordpress.org/support/plugin/google-analytics-for-wordpress/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/google-analytics-for-wordpress/unresolved/) * [Reviews](https://wordpress.org/support/plugin/google-analytics-for-wordpress/reviews/) ## Tags * [escaping](https://wordpress.org/support/topic-tag/escaping/) * [frontend](https://wordpress.org/support/topic-tag/frontend/) * [javascript](https://wordpress.org/support/topic-tag/javascript/) * 0 replies * 1 participant * Last reply from: [Robert O’Rourke](https://wordpress.org/support/users/sanchothefat/) * Last activity: [11 years, 9 months ago](https://wordpress.org/support/topic/custom-vars-arent-escaped-breaks-the-analytics-javascript/) * Status: not resolved