I’m still using js-2.18.2 for one of our older touch points, somehow on dev this field can receive spurious information yet I’m not sure how. so Rather than jsut seeing the version of the tracker all types of code, like “js-2.18.2/index.php/'”" and much worse like "…................\etc"
its also creating bad stream records as its exceeding the allowed JSON length,
How is tv getting influence on the standard page_view event for web js-2.18.2 and is there a setting that I can use to override this happening?
The short answer is unfortunately you can’t - at least not easily without something like bot protection, Cloudflare or some other kind of WAF in front of your site.
The more protracted answer is that certain exploit scanners will crawl the web to try and exploit public facing HTTP endpoints by injecting things into URL parameters but looking at existing requests and attempting to replicate them.
The response back from the collector is reasonably boring so none of the injections do anything but do have the annoying side effect of introducing silly values into the warehouse (or bad rows in your case).