
increase restrictions of attr tracking

evnp committed Feb 1, 2018
1 parent f1ad7be commit 98a1845c5c55f8b362847517860cc97c35f1c08e
Showing with 44 additions and 44 deletions.
  1. +23 −15 src/autotrack.js
  2. +21 −29 tests/unit/testAutotrack.js
@@ -50,16 +50,20 @@ var autotrack = {
'tag_name': elem.tagName.toLowerCase()
};
if (_.includes(['input', 'select', 'textarea'], elem.tagName.toLowerCase())) {
var formFieldValue = this._getFormFieldValue(elem);
if (this._includeProperty(elem, formFieldValue)) {
props['value'] = formFieldValue;
if (this._includeField(elem)) {
if (_.includes(['input', 'select', 'textarea'], elem.tagName.toLowerCase())) {
var formFieldValue = this._getFormFieldValue(elem);
if (this._includeFieldValue(formFieldValue)) {
props['value'] = formFieldValue;
}
}
}
_.each(elem.attributes, function(attr) {
props['attr__' + attr.name] = attr.value;
});
_.each(elem.attributes, function(attr) {
if (this._includeFieldValue(attr.value)) {
props['attr__' + attr.name] = attr.value;
}
}, this);
}
var nthChild = 1;
var nthOfType = 1;
@@ -153,7 +157,7 @@ var autotrack = {
return value;
},
_includeProperty: function(input, value) {
_includeField: function(input) {
for (var curEl = input; curEl.parentNode && !this._isTag(curEl, 'body'); curEl = curEl.parentNode) {
var classes = this._getClassName(curEl).split(' ');
if (_.includes(classes, 'mp-sensitive') || _.includes(classes, 'mp-no-track')) {
@@ -165,10 +169,6 @@ var autotrack = {
return true;
}
if (value === null) {
return false;
}
// don't include hidden or password fields
var type = input.type || '';
switch(type.toLowerCase()) {
@@ -185,6 +185,14 @@ var autotrack = {
return false;
}
return true;
},
_includeFieldValue: function(value) {
if (value === null) {
return false;
}
if (typeof value === 'string') {
// check to see if input value looks like a credit card number
// see: https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch04s20.html
@@ -216,7 +224,7 @@ var autotrack = {
val = field.value || field.textContent;
break;
}
return this._includeProperty(field, val) ? val : null;
return this._includeField(field) && this._includeFieldValue(val) ? val : null;
},
_getFormFieldProperties: function(form) {
@@ -226,7 +234,7 @@ var autotrack = {
if (name !== null) {
name = '$form_field__' + name;
var val = this._getFormFieldValue(field);
if (this._includeProperty(field, val)) {
if (this._includeField(field) && this._includeFieldValue(val)) {
var prevFieldVal = formFieldProps[name];
if (prevFieldVal !== undefined) { // combine values for inputs of same name
formFieldProps[name] = [].concat(prevFieldVal, val);
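Review bot: The field-and-value privacy check is now written out at three call sites, and two of them repeat work that `_getFormFieldValue` has already done. The return visible at the end of `_getFormFieldValue` yields `null` unless both `_includeField(field)` and `_includeFieldValue(val)` pass, so the guard in `_getFormFieldProperties` and the inner `_includeFieldValue(formFieldValue)` check in the first hunk re-test a value that has already been filtered. Testing the result directly, with `if (val !== null) {` and `if (formFieldValue !== null) {`, would leave one place where the two rules are combined, so a later edit cannot loosen one copy and leave the others stricter. This assumes `_getFormFieldValue` has no earlier return path; its body, like those of the other functions touched here, extends outside the hunks shown.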
@@ -233,7 +233,7 @@ describe('Collect Everything system', function() {
});
});
describe('_includeProperty', function() {
describe('_includeField', function() {
let input, parent1, parent2;
beforeEach(function() {
@@ -245,47 +245,38 @@ describe('Collect Everything system', function() {
document.body.appendChild(parent2);
});
it('should return false when the value is null', function() {
input.type = 'password';
input.className = 'test1 test2';
input.value = 'force included password';
expect(autotrack._includeProperty(input, null)).to.equal(false);
});
it('should include sensitive inputs with class "mp-include"', function() {
input.type = 'password';
input.className = 'test1 mp-include test2';
expect(autotrack._includeProperty(input, 'some password')).to.equal(true);
expect(autotrack._includeProperty(input, null)).to.equal(true);
expect(autotrack._includeField(input)).to.equal(true);
});
it('should never include inputs with class "mp-sensitive"', function() {
input.type = 'text';
input.className = 'test1 mp-include mp-sensitive test2';
expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
expect(autotrack._includeProperty(input, null)).to.equal(false);
expect(autotrack._includeField(input)).to.equal(false);
});
it('should not include elements with class "mp-no-track" as properties', function() {
input.type = 'text';
input.className = 'test1 mp-no-track test2';
expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
expect(autotrack._includeField(input)).to.equal(false);
});
it('should not include elements with a parent that have class "mp-no-track" as properties', function() {
parent2.className = 'mp-no-track';
input.type = 'text';
expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
expect(autotrack._includeField(input)).to.equal(false);
});
it('should not include hidden fields', function() {
input.type = 'hidden';
expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
expect(autotrack._includeField(input)).to.equal(false);
});
it('should not include password fields', function() {
input.type = 'password';
expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
expect(autotrack._includeField(input)).to.equal(false);
});
it('should not include fields with sensitive names', function() {
@@ -308,29 +299,31 @@ describe('Collect Everything system', function() {
input.type = 'text';
sensitiveNames.forEach(name => {
input.name = name;
expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
expect(autotrack._includeField(input)).to.equal(false);
});
});
it('should not include numbers that look like valid credit cards', function() {
it('should include non-sensitive inputs', function() {
input.type = 'text';
expect(autotrack._includeField(input)).to.equal(true);
});
});
describe('_includeFieldValue', function() {
it('should return false when the value is null', function() {
expect(autotrack._includeFieldValue(null)).to.equal(false);
});
it('should not include numbers that look like valid credit cards', function() {
// one for each type on http://www.getcreditcardnumbers.com/
const validCCNumbers = ['3419-881002-84912', '30148420855976', '5183792099737678', '6011-5100-8788-7057', '180035601937848', '180072512946394', '4556617778508'];
validCCNumbers.forEach(num => {
expect(autotrack._includeProperty(input, num)).to.equal(false);
expect(autotrack._includeFieldValue(num)).to.equal(false);
});
});
it('should not include values that look like social security numbers', function() {
input.type = 'text';
input.value = '123-45-6789';
expect(autotrack._includeProperty(input, input.value)).to.equal(false);
});
it('should include non-sensitive inputs', function() {
input.type = 'text';
input.value = 'Josh';
expect(autotrack._includeProperty(input, input.value)).to.equal(true);
expect(autotrack._includeFieldValue('123-45-6789')).to.equal(false);
});
});
@@ -380,7 +373,6 @@ describe('Collect Everything system', function() {
'$form_field__id': 'id',
});
});
});
describe('isBrowserSupported', function() {
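Review bot: The attribute filtering that gives this commit its title has no test in the hunks shown. The new `_includeField` and `_includeFieldValue` suites exercise the helpers, but nothing asserts that an element's `attr__*` properties are dropped when the element or an ancestor carries `mp-sensitive` or `mp-no-track`, or when an attribute value looks like a card number. A case that builds such an element, runs it through the element property collection in src/autotrack.js and checks that the `attr__` keys are absent would pin that behaviour. The `_includeFieldValue` suite also lost its positive case when 'should include non-sensitive inputs' moved to `_includeField`; adding `expect(autotrack._includeFieldValue('Josh')).to.equal(true);` would stop a filter that rejects every value from passing the suite.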
