How I got millions of credit card details using agencies’ Google Tag Manager (GTM) accounts
If you've been around this blog before you might know that I know a thing or two about Google Tag Manager (GTM), the convenient tool that lets you run marketing and analytics scripts on your website. What you might not know is that I'm also a father of two young children, and I can tell you, kids are expensive! So, obviously, on sleepless nights, one starts to ponder all the ways to make a quick buck on the side: 'How to use one's knowledge of the interwebs to create a nice college fund for the kids?'
DocTags: automatically generate documentation from the notes field in Google Tag Manager (GTM)
GTM DocTags is a lightweight documentation generator for Google Tag Manager. It uses the notes field on tags, triggers and variables in Google Tag Manager —does anybody even use the note field?— and grabs that and some additional info through the GTM API to create a set of markdown files. The markdown files can be stored in Google Cloud Storage and rendered at runtime with Docsify to create a fully searchable, neat looking documentation site that you can serve your developers and other team members.
Using GTM with a Content Security Policy (CSP) and impress your DevOps team in the process
The internet is a beautiful place. If you think chaos is beautiful, that is, because it is also a place where everyone and everything is hacked, abused, and manipulated for money, status or just the lolz. To prevent your precious Google Tag Manager implementation —and your entire site for that matter— from falling victim to malicious code taking over checkout funnels or secretly listening to form input from visitors it's time to implement a Content Security Policy (CSP).