You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I want to take this a step further and always include password input masking unless it is explicitly opted out using the dangerouslyCapturePasswordInputs. While I can't see any reasonably good reason that you'd want to unmask a password input, we should still allow it if someone is certain that's what they want to do. It will be slightly more difficult / confusing to configure but that feels like a worthy trade-off to avoid customers accidentally unmasking password inputs by leaving the password: true field out of their maskInputOptions config
On Mobile, for certain types of views such as for sure containing PII data (password/email, etc), it's not possible to disable the masking, see https://posthog.com/docs/session-replay/ios#masking-in-swiftui
Even if people allow it, it's still "us" leaking the data hence no opt-out, it's too risky and I understand that I may have to relax that in the future, so far nobody asked for it, only on how to mask it, which is enabled by default.
If people can do maskInputOptions: {password: false}, already, dangerouslyCapturePasswordInputs feels like just making the API more complicated/degrading UX, I'd rather document this better if needed, not a blocker, but happy to hear another opinion.
bump patchBump patch version when this PR gets merged
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Since #1334 we mask passwords by default.
I want to take this a step further and always include password input masking unless it is explicitly opted out using the
dangerouslyCapturePasswordInputs. While I can't see any reasonably good reason that you'd want to unmask a password input, we should still allow it if someone is certain that's what they want to do. It will be slightly more difficult / confusing to configure but that feels like a worthy trade-off to avoid customers accidentally unmasking password inputs by leaving thepassword: truefield out of theirmaskInputOptionsconfig