Possible risks and problems with inserting JS tracking script in a Spotfire report

[Sorin Vasilescu]

Hi,

The organization I work for is using Spotfire. We are also using a web analytics platform (think Google Analytics, but self-hosted) and there's a wish to cover all that has a web interface with that analytics platform. That includes Spotfire reports, that are being accessed by consumers through the web interface.

The analytics platform, like Google Analytics and many others, is using a JS tracking code that must be inserted in the webpage. Spotfire allows that, by inserting the JS script in a text area anywhere in the report. I've tested it and it works just fine.

However, my Spotfire admins are telling me that inserting such a code is not supported, non-compliant, the code of the reports should not be modified and if we do that, we'll have lots of problems like conflicting with the JS code that Spotfire uses and so on. Basically, all hell will break loose.

Obviously, the tracking code is meant to be inserted in any website, so it is developed with this in mind and:

 

is fully self-contained

does not rely on any existing library included by Spotfire (that they might remove in the future version)

does not interact with Spotfire-created DOM objects in the page (actually, from what I can figure out, it does not modify anything in the page)

 

What their saying sounds preposterous to me, I don't see any reason behind not using such a JS code as long as Spotfire specifically allows you to insert JS code in reports.

I'm looking for a second technical opinion regarding the risks of inserting such a tracking code in Spotfire reports.

Thanks,

Sorin.