Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Enforce masking of credit card fields #166

Merged
merged 3 commits into from
Feb 1, 2024

Conversation

mydea
Copy link
Member

@mydea mydea commented Feb 1, 2024

This is on top of #165, actually fixing the behavior so that certain fields cannot be unmasked.

This is a pretty straightforward fix, a bit "hacky" but should work well enough.

Fixes getsentry/sentry-javascript#10258

@mydea mydea self-assigned this Feb 1, 2024
@mydea mydea requested review from billyvg and c298lee February 1, 2024 15:46
Copy link

github-actions bot commented Feb 1, 2024

size-limit report 📦

Path Size
rrweb - record only (gzipped) 16.75 KB (+0.4% 🔺)
rrweb - record & CanvasManager only (gzipped) 19.41 KB (+0.32% 🔺)
rrweb - record only (min) 57.14 KB (+0.32% 🔺)
rrweb - record with treeshaking flags (gzipped) 15.54 KB (+0.42% 🔺)

Base automatically changed from fn/disallow-cc to sentry-v2 February 1, 2024 16:03
@mydea mydea force-pushed the fn/disallow-cc-autocomplete branch from 7d782e9 to 42e28c3 Compare February 1, 2024 16:06
@mydea
Copy link
Member Author

mydea commented Feb 1, 2024

@billyvg added another test here in rrweb that tests this "in-depth", both adding new elements, changing their values etc.

@mydea mydea marked this pull request as ready for review February 1, 2024 16:07
@mydea mydea merged commit 432fe1f into sentry-v2 Feb 1, 2024
2 checks passed
@mydea mydea deleted the fn/disallow-cc-autocomplete branch February 1, 2024 16:12
billyvg pushed a commit that referenced this pull request Apr 26, 2024
This is on top of #165, actually
fixing the behavior so that certain fields cannot be unmasked.

This is a pretty straightforward fix, a bit "hacky" but should work well
enough.

Fixes getsentry/sentry-javascript#10258

---------

Co-authored-by: mydea <mydea@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Replay: Make unmasking of detectable sensitive fields impossible
2 participants