Skip to content

Commit

Permalink
feat: add an attribute denylist for autocapture
Browse files Browse the repository at this point in the history
  • Loading branch information
pauldambra committed Sep 15, 2023
1 parent 3a2560b commit 3efb2d7
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 0 deletions.
13 changes: 13 additions & 0 deletions src/__tests__/autocapture.js
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,19 @@ describe('Autocapture system', () => {
expect(props['_ngcontent-dpm-c448']).toBeUndefined()
expect(props['_nghost-dpm-c448']).toBeUndefined()
})

it('should filter element attributes based on the denylist', () => {
autocapture.config = {
element_attribute_denylist: ['data-attr', 'data-attr-2'],
}
div.setAttribute('data-attr', 'value')
div.setAttribute('data-attr-2', 'value')
div.setAttribute('data-attr-3', 'value')
const props = autocapture._getPropertiesFromElement(div)
expect(props['attr__data-attr']).toBeUndefined()
expect(props['attr__data-attr-2']).toBeUndefined()
expect(props['attr__data-attr-3']).toBe('value')
})
})

describe('_getAugmentPropertiesFromElement', () => {
Expand Down
4 changes: 4 additions & 0 deletions src/autocapture.ts
Original file line number Diff line number Diff line change
Expand Up @@ -101,10 +101,14 @@ const autocapture = {
return c !== ''
})

// capture the deny list here because this not-a-class class makes it tricky to use this.config in the function below
const elementAttributeDenylist = this.config?.element_attribute_denylist
_each(elem.attributes, function (attr: Attr) {
// Only capture attributes we know are safe
if (isSensitiveElement(elem) && ['name', 'id', 'class'].indexOf(attr.name) === -1) return

if (elementAttributeDenylist?.includes(attr.name)) return

if (!maskInputs && shouldCaptureValue(attr.value) && !isAngularStyleAttr(attr.name)) {
props['attr__' + attr.name] = limitText(1024, attr.value)
}
Expand Down
6 changes: 6 additions & 0 deletions src/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,12 @@ export interface AutocaptureConfig {
* e.g. ['[ph-capture]']
*/
css_selector_allowlist?: string[]

/**
* Exclude certain element attributes from autocapture
* E.g. ['aria-label'] or [data-attr-pii]
*/
element_attribute_denylist?: string[]
}

export type UUIDVersion = 'og' | 'v7'
Expand Down

0 comments on commit 3efb2d7

Please sign in to comment.