feat(replay): Mask srcdoc iframe contents per default #14760

Merged
merged 2 commits into from
Dec 18, 2024

chargome
Member

closes #8241

@chargome chargome self-assigned this Dec 17, 2024
@chargome chargome requested a review from a team as a code owner December 17, 2024 14:04
Contributor

github-actions bot commented Dec 17, 2024

size-limit report 📦

| Path | Size | % Change | Change |
| --- | --- | --- | --- |
| @sentry/browser | 23.12 KB | - | - |
| @sentry/browser - with treeshaking flags | 21.81 KB | - | - |
| @sentry/browser (incl. Tracing) | 35.62 KB | - | - |
| @sentry/browser (incl. Tracing, Replay) | 72.88 KB | +0.02% | +13 B 🔺 |
| @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 63.29 KB | +0.03% | +15 B 🔺 |
| @sentry/browser (incl. Tracing, Replay with Canvas) | 77.28 KB | +0.02% | +11 B 🔺 |
| @sentry/browser (incl. Tracing, Replay, Feedback) | 89.68 KB | +0.02% | +13 B 🔺 |
| @sentry/browser (incl. Feedback) | 39.87 KB | - | - |
| @sentry/browser (incl. sendFeedback) | 27.74 KB | - | - |
| @sentry/browser (incl. FeedbackAsync) | 32.5 KB | - | - |
| @sentry/react | 25.84 KB | - | - |
| @sentry/react (incl. Tracing) | 38.5 KB | - | - |
| @sentry/vue | 27.36 KB | - | - |
| @sentry/vue (incl. Tracing) | 37.5 KB | - | - |
| @sentry/svelte | 23.29 KB | - | - |
| CDN Bundle | 24.23 KB | - | - |
| CDN Bundle (incl. Tracing) | 35.78 KB | - | - |
| CDN Bundle (incl. Tracing, Replay) | 70.89 KB | +0.03% | +16 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback) | 76.19 KB | +0.02% | +13 B 🔺 |
| CDN Bundle - uncompressed | 71.14 KB | - | - |
| CDN Bundle (incl. Tracing) - uncompressed | 106.65 KB | - | - |
| CDN Bundle (incl. Tracing, Replay) - uncompressed | 220.72 KB | +0.01% | +18 B 🔺 |
| CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 233.92 KB | +0.01% | +18 B 🔺 |
| @sentry/nextjs (client) | 38.75 KB | - | - |
| @sentry/sveltekit (client) | 36.17 KB | - | - |
| @sentry/node | 157.97 KB | - | - |
| @sentry/node - without tracing | 98.93 KB | - | - |
| @sentry/aws-serverless | 126.63 KB | - | - |


@@ -25,7 +25,7 @@ function getOption(selectors: string[], defaultSelectors: string[]): string {
* Returns privacy related configuration for use in rrweb
*/
export function getPrivacyOptions({ mask, unmask, block, unblock, ignore }: GetPrivacyOptions): GetPrivacyReturn {
const defaultBlockedElements = ['base[href="/"]'];
const defaultBlockedElements = ['base[href="/"]', 'iframe[srcdoc]:not([src])'];
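
Review bot: the `:not([src])` qualifier in the added `'iframe[srcdoc]:not([src])'` entry leaves an iframe that sets both `srcdoc` and `src` outside the default block list, although browsers render the `srcdoc` content when both attributes are present, so that case is not covered by this default. Consider plain `'iframe[srcdoc]'` unless the exclusion is intentional, and if it is, say why in a comment next to `defaultBlockedElements`. Because this changes what Replay records by default, the doc comment above `getPrivacyOptions` should also name the new default so users who relied on srcdoc iframes being captured know where the change comes from.
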
Member

sidenote, we should probably block all base not just with href attribute

Member Author

@billyvg added it

@chargome chargome merged commit 0487155 into develop Dec 18, 2024
156 checks passed
@chargome chargome deleted the cg/block-srcdoc-iframe-content branch December 18, 2024 10:46
Development

Successfully merging this pull request may close these issues.

Replay: Don't capture iframe if it relies on srcdoc instead of src