posthog.com icon indicating copy to clipboard operation
posthog.com copied to clipboard
verified publisher icon PostHog

Tutorial - How to mask url parameters

Open MarconLP opened this issue 2 years ago • 2 comments

If you have a website that is carrying sensitive data over the url (in this example secret_code in this url http://localhost:3000/?secret_code=12345), you will have to use the option sanitize_properties in the init function.

posthog.init("PROJECT_KEY, {
  sanitize_properties: (properties, event) => {
    const paramStartIndex = properties.$current_url.indexOf("secret_code=");
    const url = properties.$current_url;
    let maskedUrl = "";
    if (paramStartIndex !== -1) {
      const paramEndIndex = url.indexOf("&", paramStartIndex);
      maskedUrl =
        url.substring(0, paramStartIndex) +
        "secret_code=*****" +
        url.substring(paramEndIndex !== -1 ? paramEndIndex : url.length);
    }
    return { ...properties, $current_url: maskedUrl };
  },
});

MarconLP avatar Nov 07 '23 14:11 MarconLP

Should this be a tutorial or in the doc somewhere?

andyvan-ph avatar Nov 07 '23 14:11 andyvan-ph

A tutorial, since it falls into the same category as the Pageview tracking in SPA's tutorial (https://posthog.com/tutorials/single-page-app-pageviews)

MarconLP avatar Nov 07 '23 16:11 MarconLP