Extract shouldMaskAttriubte to share for SR and action names; Improve code according to comments

Author: cy-moi

packages/rum-core/src/domain/action/getActionNameFromElement.spec.ts

@@ -645,7 +645,7 @@ describe('getActionNameFromElement', () => {
         },
         {
           html: `
-          <div data-dd-privacy="mask-unless-allowlisted" aria-label="bar" target>
+          <div data-dd-privacy="mask-unless-allowlisted" alt="bar" target>
             <span>bar</span>
           </div>
           `,
@@ -655,7 +655,7 @@ describe('getActionNameFromElement', () => {
         },
         {
           html: `
-          <div data-dd-privacy="mask-unless-allowlisted" aria-label="foo" target>
+          <div data-dd-privacy="mask-unless-allowlisted" alt="foo" target>
             <span>bar</span>
           </div>
           `,

packages/rum-core/src/domain/action/getActionNameFromElement.ts

@@ -1,6 +1,6 @@
 import { ExperimentalFeature, isExperimentalFeatureEnabled, safeTruncate } from '@datadog/browser-core'
 import { getPrivacySelector, NodePrivacyLevel } from '../privacyConstants'
-import { getNodePrivacyLevel, maskDisallowedTextContent, shouldMaskNode } from '../privacy'
+import { getNodePrivacyLevel, maskDisallowedTextContent, shouldMaskNode, shouldMaskAttribute } from '../privacy'
 import type { NodePrivacyLevelCache } from '../privacy'
 import type { RumConfiguration } from '../configuration'
 import { isElementNode } from '../../browser/htmlDomUtils'
@@ -16,6 +16,8 @@ export function getActionNameFromElement(
   rumConfiguration: RumConfiguration,
   nodePrivacyLevel: NodePrivacyLevel = NodePrivacyLevel.ALLOW
 ): ActionName {
+  const nodePrivacyLevelCache: NodePrivacyLevelCache = new Map()
+
   const { actionNameAttribute: userProgrammaticAttribute } = rumConfiguration
 
   // Proceed to get the action name in two steps:
@@ -36,8 +38,8 @@ export function getActionNameFromElement(
   }
 
   return (
-    getActionNameFromElementForStrategies(element, priorityStrategies, rumConfiguration) ||
-    getActionNameFromElementForStrategies(element, fallbackStrategies, rumConfiguration) || {
+    getActionNameFromElementForStrategies(element, priorityStrategies, rumConfiguration, nodePrivacyLevelCache) ||
+    getActionNameFromElementForStrategies(element, fallbackStrategies, rumConfiguration, nodePrivacyLevelCache) || {
       name: '',
       nameSource: ActionNameSource.BLANK,
     }
@@ -58,14 +60,15 @@ function getActionNameFromElementProgrammatically(targetElement: Element, progra
 
 type NameStrategy = (
   element: Element | HTMLElement | HTMLInputElement | HTMLSelectElement,
-  rumConfiguration: RumConfiguration
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ) => ActionName | undefined | null
 
 const priorityStrategies: NameStrategy[] = [
   // associated LABEL text
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     if ('labels' in element && element.labels && element.labels.length > 0) {
-      return getActionNameFromTextualContent(element.labels[0], rumConfiguration)
+      return getActionNameFromTextualContent(element.labels[0], rumConfiguration, nodePrivacyLevelCache)
     }
   },
   // INPUT button (and associated) value
@@ -79,41 +82,47 @@ const priorityStrategies: NameStrategy[] = [
     }
   },
   // BUTTON, LABEL or button-like element text
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     if (element.nodeName === 'BUTTON' || element.nodeName === 'LABEL' || element.getAttribute('role') === 'button') {
-      return getActionNameFromTextualContent(element, rumConfiguration)
+      return getActionNameFromTextualContent(element, rumConfiguration, nodePrivacyLevelCache)
     }
   },
-  (element, rumConfiguration) => getActionNameFromStandardAttribute(element, 'aria-label', rumConfiguration),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'aria-label', rumConfiguration, nodePrivacyLevelCache),
   // associated element text designated by the aria-labelledby attribute
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     const labelledByAttribute = element.getAttribute('aria-labelledby')
     if (labelledByAttribute) {
       return {
         name: labelledByAttribute
           .split(/\s+/)
           .map((id) => getElementById(element, id))
           .filter((label): label is HTMLElement => Boolean(label))
-          .map((element) => getTextualContent(element, rumConfiguration))
+          .map((element) => getTextualContent(element, rumConfiguration, nodePrivacyLevelCache))
           .join(' '),
         nameSource: ActionNameSource.TEXT_CONTENT,
       }
     }
   },
-  (element, rumConfiguration) => getActionNameFromStandardAttribute(element, 'alt', rumConfiguration),
-  (element, rumConfiguration) => getActionNameFromStandardAttribute(element, 'name', rumConfiguration),
-  (element, rumConfiguration) => getActionNameFromStandardAttribute(element, 'title', rumConfiguration),
-  (element, rumConfiguration) => getActionNameFromStandardAttribute(element, 'placeholder', rumConfiguration),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'alt', rumConfiguration, nodePrivacyLevelCache),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'name', rumConfiguration, nodePrivacyLevelCache),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'title', rumConfiguration, nodePrivacyLevelCache),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'placeholder', rumConfiguration, nodePrivacyLevelCache),
   // SELECT first OPTION text
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     if ('options' in element && element.options.length > 0) {
-      return getActionNameFromTextualContent(element.options[0], rumConfiguration)
+      return getActionNameFromTextualContent(element.options[0], rumConfiguration, nodePrivacyLevelCache)
     }
   },
 ]
 
 const fallbackStrategies: NameStrategy[] = [
-  (element, rumConfiguration) => getActionNameFromTextualContent(element, rumConfiguration),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromTextualContent(element, rumConfiguration, nodePrivacyLevelCache),
 ]
 
 /**
@@ -124,7 +133,8 @@ const MAX_PARENTS_TO_CONSIDER = 10
 function getActionNameFromElementForStrategies(
   targetElement: Element,
   strategies: NameStrategy[],
-  rumConfiguration: RumConfiguration
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ) {
   let element: Element | null = targetElement
   let recursionCounter = 0
@@ -136,7 +146,7 @@ function getActionNameFromElementForStrategies(
     element.nodeName !== 'HEAD'
   ) {
     for (const strategy of strategies) {
-      const actionName = strategy(element, rumConfiguration)
+      const actionName = strategy(element, rumConfiguration, nodePrivacyLevelCache)
       if (actionName) {
         const { name, nameSource } = actionName
         const trimmedName = name && name.trim()
@@ -172,31 +182,44 @@ function getElementById(refElement: Element, id: string) {
 function getActionNameFromStandardAttribute(
   element: Element | HTMLElement,
   attribute: string,
-  rumConfiguration: RumConfiguration
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ): ActionName {
   const { enablePrivacyForActionName, defaultPrivacyLevel } = rumConfiguration
-  const nodeSelfPrivacyLevel = getNodePrivacyLevel(element, defaultPrivacyLevel)
-  const attributeValue = element.getAttribute(attribute)
+  let attributeValue = element.getAttribute(attribute)
+  if (attributeValue && enablePrivacyForActionName) {
+    const nodePrivacyLevel = getNodePrivacyLevel(element, defaultPrivacyLevel, nodePrivacyLevelCache)
+    if (
+      shouldMaskAttribute(element.tagName, attribute, nodePrivacyLevel, rumConfiguration, attributeValue)
+    ) {
+      attributeValue = maskDisallowedTextContent(attributeValue, ACTION_NAME_PLACEHOLDER)
+    }
+  } else if (!attributeValue) {
+    attributeValue = ''
+  }
+
   return {
-    name:
-      enablePrivacyForActionName && nodeSelfPrivacyLevel && shouldMaskNode(element, nodeSelfPrivacyLevel, false)
-        ? maskDisallowedTextContent(attributeValue || '', ACTION_NAME_PLACEHOLDER)
-        : attributeValue || '',
+    name: attributeValue,
     nameSource: ActionNameSource.STANDARD_ATTRIBUTE,
   }
 }
 
 function getActionNameFromTextualContent(
   element: Element | HTMLElement,
-  rumConfiguration: RumConfiguration
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ): ActionName {
   return {
-    name: getTextualContent(element, rumConfiguration) || '',
+    name: getTextualContent(element, rumConfiguration, nodePrivacyLevelCache) || '',
     nameSource: ActionNameSource.TEXT_CONTENT,
   }
 }
 
-function getTextualContent(element: Element, rumConfiguration: RumConfiguration) {
+function getTextualContent(
+  element: Element,
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
+) {
   if ((element as HTMLElement).isContentEditable) {
     return
   }
@@ -212,7 +235,8 @@ function getTextualContent(element: Element, rumConfiguration: RumConfiguration)
       element,
       userProgrammaticAttribute,
       enablePrivacyForActionName,
-      defaultPrivacyLevel
+      defaultPrivacyLevel,
+      nodePrivacyLevelCache
     )
   }
 
@@ -256,10 +280,9 @@ function getTextualContentWithTreeWalker(
   element: Element,
   userProgrammaticAttribute: string | undefined,
   privacyEnabledActionName: boolean,
-  defaultPrivacyLevel: NodePrivacyLevel
+  defaultPrivacyLevel: NodePrivacyLevel,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ) {
-  const nodePrivacyLevelCache: NodePrivacyLevelCache = new Map()
-
   const walker = document.createTreeWalker(
     element,
     // eslint-disable-next-line no-bitwise

packages/rum-core/src/domain/privacy.ts

@@ -5,7 +5,10 @@ import {
   CENSORED_STRING_MARK,
   getPrivacySelector,
   TEXT_MASKING_CHAR,
+  PRIVACY_ATTR_NAME,
 } from './privacyConstants'
+import { STABLE_ATTRIBUTES } from './getSelectorFromElement'
+import type { RumConfiguration } from './configuration'
 
 export type NodePrivacyLevelCache = Map<Node, NodePrivacyLevel>
 
@@ -128,16 +131,13 @@ export function getNodeSelfPrivacyLevel(node: Node): NodePrivacyLevel | undefine
  * Other `shouldMaskNode` cases are edge cases that should not matter too much (ex: should we mask a
  * node if it is ignored or hidden? it doesn't matter since it won't be serialized).
  */
-export function shouldMaskNode(node: Node, privacyLevel: NodePrivacyLevel, isTextContent: boolean = true) {
+export function shouldMaskNode(node: Node, privacyLevel: NodePrivacyLevel) {
   switch (privacyLevel) {
     case NodePrivacyLevel.MASK:
     case NodePrivacyLevel.HIDDEN:
     case NodePrivacyLevel.IGNORE:
       return true
     case NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED:
-      if (!isTextContent) {
-        return true
-      }
       if (isTextNode(node)) {
         // Always return true if our parent is a form element, like MASK_USER_INPUT.
         // Otherwise, decide whether to mask based on the allowlist.
@@ -153,6 +153,43 @@ export function shouldMaskNode(node: Node, privacyLevel: NodePrivacyLevel, isTex
   }
 }
 
+export function shouldMaskAttribute(
+  tagName: string,
+  attributeName: string,
+  nodePrivacyLevel: NodePrivacyLevel,
+  configuration: RumConfiguration,
+  attributeValue?: string | null
+) {
+  if (nodePrivacyLevel === NodePrivacyLevel.MASK || nodePrivacyLevel === NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED) {
+    if (
+      attributeName !== PRIVACY_ATTR_NAME &&
+      !STABLE_ATTRIBUTES.includes(attributeName) &&
+      attributeName !== configuration.actionNameAttribute
+    ) {
+      switch (attributeName) {
+        case 'title':
+        case 'alt':
+        case 'placeholder':
+          return true
+      }
+      if (tagName === 'A' && attributeName === 'href') {
+        return true
+      }
+      if (tagName === 'IFRAME' && attributeName === 'srcdoc') {
+        return true
+      }
+      if (attributeValue && attributeName.startsWith('data-')) {
+        return true
+      }
+      if ((tagName === 'IMG' || tagName === 'SOURCE' ) && (attributeName === 'src' || attributeName === 'srcset')) {
+        return true
+      }
+    }
+  }
+
+  return false
+}
+
 function isFormElement(node: Node | null): boolean {
   if (!node || node.nodeType !== node.ELEMENT_NODE) {
     return false

packages/rum/src/domain/record/serialization/htmlAst.specHelper.ts

@@ -854,7 +854,7 @@ export const AST_MASK_UNLESS_ALLOWLISTED = {
               type: 2,
               tagName: 'a',
               attributes: {
-                href: 'https://private.com/path/nested?query=param#hash',
+                href: '***',
               },
               childNodes: [
                 {
@@ -871,7 +871,7 @@ export const AST_MASK_UNLESS_ALLOWLISTED = {
               type: 2,
               tagName: 'img',
               attributes: {
-                src: 'https://private.com/path/nested?query=param#hash',
+                src: 'data:image/gif;base64,R0lGODlhAQABAIAAAMLCwgAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==',
               },
               childNodes: [],
             },

packages/rum/src/domain/record/serialization/serializeAttribute.ts

@@ -1,10 +1,9 @@
 import {
   NodePrivacyLevel,
-  PRIVACY_ATTR_NAME,
   CENSORED_STRING_MARK,
   CENSORED_IMG_MARK,
-  STABLE_ATTRIBUTES,
   sanitizeIfLongDataUrl,
+  shouldMaskAttribute,
 } from '@datadog/browser-rum-core'
 import type { RumConfiguration } from '@datadog/browser-rum-core'
 import { censoredImageForSize } from './serializationUtils'
@@ -24,24 +23,10 @@ export function serializeAttribute(
     return null
   }
   const attributeValue = element.getAttribute(attributeName)
-  if (
-    nodePrivacyLevel === NodePrivacyLevel.MASK &&
-    attributeName !== PRIVACY_ATTR_NAME &&
-    !STABLE_ATTRIBUTES.includes(attributeName) &&
-    attributeName !== configuration.actionNameAttribute
-  ) {
-    const tagName = element.tagName
-
-    switch (attributeName) {
-      // Mask Attribute text content
-      case 'title':
-      case 'alt':
-      case 'placeholder':
-        return CENSORED_STRING_MARK
-    }
-
+  const tagName = element.tagName
+  if (shouldMaskAttribute(tagName, attributeName, nodePrivacyLevel, configuration, attributeValue)) {
     // mask image URLs
-    if (tagName === 'IMG' && (attributeName === 'src' || attributeName === 'srcset')) {
+    if (tagName === 'IMG') {
       // generate image with similar dimension than the original to have the same rendering behaviour
       const image = element as HTMLImageElement
       if (image.naturalWidth > 0) {
@@ -55,26 +40,7 @@ export function serializeAttribute(
       return CENSORED_IMG_MARK
     }
 
-    // mask source URLs
-    if (tagName === 'SOURCE' && (attributeName === 'src' || attributeName === 'srcset')) {
-      return CENSORED_IMG_MARK
-    }
-
-    // mask <a> URLs
-    if (tagName === 'A' && attributeName === 'href') {
-      return CENSORED_STRING_MARK
-    }
-
-    // mask data-* attributes
-    if (attributeValue && attributeName.startsWith('data-')) {
-      // Exception: it's safe to reveal the `${PRIVACY_ATTR_NAME}` attr
-      return CENSORED_STRING_MARK
-    }
-
-    // mask iframe srcdoc
-    if (tagName === 'IFRAME' && attributeName === 'srcdoc') {
-      return CENSORED_STRING_MARK
-    }
+    return CENSORED_STRING_MARK
   }
 
   if (!attributeValue || typeof attributeValue !== 'string') {