test: Add tests for masking of sensitive data (#165)

This tests masking of initial & updated values for password & credit card fields. You can see that for now credit card data is not masked, which demonstrates the current behavior. In a future PR we can then verify that our fixed masking is working. ref getsentry/sentry-javascript#10258
getsentry · Feb 1, 2024 · 79d1fe2 · 79d1fe2
1 parent 120e802
commit 79d1fe2
Show file tree

Hide file tree

Showing 3 changed files with 154 additions and 0 deletions.
diff --git a/packages/rrweb-snapshot/test/__snapshots__/integration.test.ts.snap b/packages/rrweb-snapshot/test/__snapshots__/integration.test.ts.snap
@@ -265,6 +265,79 @@ exports[`integration tests [html file]: form-fields.html 1`] = `
   <noscript>SCRIPT_PLACEHOLDER</noscript></body></html>"
 `;
 
+exports[`integration tests [html file]: form-fields-sensitive.html 1`] = `
+"<!DOCTYPE html><html lang=\\"en\\"><head>
+    <meta charset=\\"UTF-8\\" />
+    <meta name=\\"viewport\\" content=\\"width=device-width, initial-scale=1.0\\" />
+    <meta http-equiv=\\"X-UA-Compatible\\" content=\\"ie=edge\\" />
+    <title>form fields</title>
+  </head>  <body>
+    <form>
+      <label>
+        <input type=\\"password\\" value=\\"*******\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"current-password\\" value=\\"initial\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"new-password\\" value=\\"initial\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-number\\" value=\\"initial\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-exp\\" value=\\"initial\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-exp-month\\" value=\\"initial\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-exp-year\\" value=\\"initial\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-csc\\" value=\\"initial\\" />
+      </label>
+    </form>
+  </body></html>"
+`;
+
+exports[`integration tests [html file]: form-fields-sensitive-update.html 1`] = `
+"<!DOCTYPE html><html lang=\\"en\\"><head>
+    <meta charset=\\"UTF-8\\" />
+    <meta name=\\"viewport\\" content=\\"width=device-width, initial-scale=1.0\\" />
+    <meta http-equiv=\\"X-UA-Compatible\\" content=\\"ie=edge\\" />
+    <title>form fields</title>
+  </head>  <body>
+    <form>
+      <label>
+        <input type=\\"password\\" value=\\"*********\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"current-password\\" value=\\"new value\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"new-password\\" value=\\"new value\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-number\\" value=\\"new value\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-exp\\" value=\\"new value\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-exp-month\\" value=\\"new value\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-exp-year\\" value=\\"new value\\" />
+      </label>
+      <label>
+        <input autocomplete=\\"cc-csc\\" value=\\"new value\\" />
+      </label>
+    </form>
+  
+  <noscript>SCRIPT_PLACEHOLDER</noscript></body></html>"
+`;
+
 exports[`integration tests [html file]: hover.html 1`] = `
 "<!DOCTYPE html><html lang=\\"en\\"><head>
   <meta charset=\\"UTF-8\\" />

diff --git a/packages/rrweb-snapshot/test/html/form-fields-sensitive-update.html b/packages/rrweb-snapshot/test/html/form-fields-sensitive-update.html
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
+    <title>form fields</title>
+  </head>
+
+  <body>
+    <form>
+      <label>
+        <input type="password" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="current-password" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="new-password" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-number" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-exp" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-exp-month" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-exp-year" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-csc" value="initial" />
+      </label>
+    </form>
+  </body>
+  <script>
+    document.querySelectorAll('input').forEach((input) => {
+      input.value = 'new value';
+    });
+  </script>
+</html>
diff --git a/packages/rrweb-snapshot/test/html/form-fields-sensitive.html b/packages/rrweb-snapshot/test/html/form-fields-sensitive.html
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
+    <title>form fields</title>
+  </head>
+
+  <body>
+    <form>
+      <label>
+        <input type="password" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="current-password" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="new-password" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-number" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-exp" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-exp-month" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-exp-year" value="initial" />
+      </label>
+      <label>
+        <input autocomplete="cc-csc" value="initial" />
+      </label>
+    </form>
+  </body>
+</html>