posthog.com
posthog.com copied to clipboard
Tutorial - How to mask url parameters
If you have a website that is carrying sensitive data over the url (in this example secret_code in this url http://localhost:3000/?secret_code=12345), you will have to use the option sanitize_properties in the init function.
posthog.init("PROJECT_KEY, {
sanitize_properties: (properties, event) => {
const paramStartIndex = properties.$current_url.indexOf("secret_code=");
const url = properties.$current_url;
let maskedUrl = "";
if (paramStartIndex !== -1) {
const paramEndIndex = url.indexOf("&", paramStartIndex);
maskedUrl =
url.substring(0, paramStartIndex) +
"secret_code=*****" +
url.substring(paramEndIndex !== -1 ? paramEndIndex : url.length);
}
return { ...properties, $current_url: maskedUrl };
},
});
Should this be a tutorial or in the doc somewhere?
A tutorial, since it falls into the same category as the Pageview tracking in SPA's tutorial (https://posthog.com/tutorials/single-page-app-pageviews)