increase restrictions of attr tracking

src/autotrack.js

@@ -50,16 +50,20 @@ var autotrack = {
             'tag_name': elem.tagName.toLowerCase()
         };
 
-        if (_.includes(['input', 'select', 'textarea'], elem.tagName.toLowerCase())) {
-            var formFieldValue = this._getFormFieldValue(elem);
-            if (this._includeProperty(elem, formFieldValue)) {
-                props['value'] = formFieldValue;
+        if (this._includeField(elem)) {
+            if (_.includes(['input', 'select', 'textarea'], elem.tagName.toLowerCase())) {
+                var formFieldValue = this._getFormFieldValue(elem);
+                if (this._includeFieldValue(formFieldValue)) {
+                    props['value'] = formFieldValue;
+                }
             }
-        }
 
-        _.each(elem.attributes, function(attr) {
-            props['attr__' + attr.name] = attr.value;
-        });
+            _.each(elem.attributes, function(attr) {
+                if (this._includeFieldValue(attr.value)) {
+                    props['attr__' + attr.name] = attr.value;
+                }
+            }, this);
+        }
 
         var nthChild = 1;
         var nthOfType = 1;
@@ -153,7 +157,7 @@ var autotrack = {
         return value;
     },
 
-    _includeProperty: function(input, value) {
+    _includeField: function(input) {
         for (var curEl = input; curEl.parentNode && !this._isTag(curEl, 'body'); curEl = curEl.parentNode) {
             var classes = this._getClassName(curEl).split(' ');
             if (_.includes(classes, 'mp-sensitive') || _.includes(classes, 'mp-no-track')) {
@@ -165,10 +169,6 @@ var autotrack = {
             return true;
         }
 
-        if (value === null) {
-            return false;
-        }
-
         // don't include hidden or password fields
         var type = input.type || '';
         switch(type.toLowerCase()) {
@@ -185,6 +185,14 @@ var autotrack = {
             return false;
         }
 
+        return true;
+    },
+
+    _includeFieldValue: function(value) {
+        if (value === null) {
+            return false;
+        }
+
         if (typeof value === 'string') {
             // check to see if input value looks like a credit card number
             // see: https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch04s20.html
@@ -216,7 +224,7 @@ var autotrack = {
                 val = field.value || field.textContent;
                 break;
         }
-        return this._includeProperty(field, val) ? val : null;
+        return this._includeField(field) && this._includeFieldValue(val) ? val : null;
     },
 
     _getFormFieldProperties: function(form) {
@@ -226,7 +234,7 @@ var autotrack = {
             if (name !== null) {
                 name = '$form_field__' + name;
                 var val = this._getFormFieldValue(field);
-                if (this._includeProperty(field, val)) {
+                if (this._includeField(field) && this._includeFieldValue(val)) {
                     var prevFieldVal = formFieldProps[name];
                     if (prevFieldVal !== undefined) { // combine values for inputs of same name
                         formFieldProps[name] = [].concat(prevFieldVal, val);

tests/unit/testAutotrack.js

@@ -233,7 +233,7 @@ describe('Collect Everything system', function() {
     });
   });
 
-  describe('_includeProperty', function() {
+  describe('_includeField', function() {
     let input, parent1, parent2;
 
     beforeEach(function() {
@@ -245,47 +245,38 @@ describe('Collect Everything system', function() {
       document.body.appendChild(parent2);
     });
 
-    it('should return false when the value is null', function() {
-      input.type = 'password';
-      input.className = 'test1 test2';
-      input.value = 'force included password';
-      expect(autotrack._includeProperty(input, null)).to.equal(false);
-    });
-
     it('should include sensitive inputs with class "mp-include"', function() {
       input.type = 'password';
       input.className = 'test1 mp-include test2';
-      expect(autotrack._includeProperty(input, 'some password')).to.equal(true);
-      expect(autotrack._includeProperty(input, null)).to.equal(true);
+      expect(autotrack._includeField(input)).to.equal(true);
     });
 
     it('should never include inputs with class "mp-sensitive"', function() {
       input.type = 'text';
       input.className = 'test1 mp-include mp-sensitive test2';
-      expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
-      expect(autotrack._includeProperty(input, null)).to.equal(false);
+      expect(autotrack._includeField(input)).to.equal(false);
     });
 
     it('should not include elements with class "mp-no-track" as properties', function() {
       input.type = 'text';
       input.className = 'test1 mp-no-track test2';
-      expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
+      expect(autotrack._includeField(input)).to.equal(false);
     });
 
     it('should not include elements with a parent that have class "mp-no-track" as properties', function() {
       parent2.className = 'mp-no-track';
       input.type = 'text';
-      expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
+      expect(autotrack._includeField(input)).to.equal(false);
     });
 
     it('should not include hidden fields', function() {
       input.type = 'hidden';
-      expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
+      expect(autotrack._includeField(input)).to.equal(false);
     });
 
     it('should not include password fields', function() {
       input.type = 'password';
-      expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
+      expect(autotrack._includeField(input)).to.equal(false);
     });
 
     it('should not include fields with sensitive names', function() {
@@ -308,29 +299,31 @@ describe('Collect Everything system', function() {
       input.type = 'text';
       sensitiveNames.forEach(name => {
         input.name = name;
-        expect(autotrack._includeProperty(input, 'some value')).to.equal(false);
+        expect(autotrack._includeField(input)).to.equal(false);
       });
     });
 
-    it('should not include numbers that look like valid credit cards', function() {
+    it('should include non-sensitive inputs', function() {
       input.type = 'text';
+      expect(autotrack._includeField(input)).to.equal(true);
+    });
+  });
+
+  describe('_includeFieldValue', function() {
+    it('should return false when the value is null', function() {
+      expect(autotrack._includeFieldValue(null)).to.equal(false);
+    });
+
+    it('should not include numbers that look like valid credit cards', function() {
       // one for each type on http://www.getcreditcardnumbers.com/
       const validCCNumbers = ['3419-881002-84912', '30148420855976', '5183792099737678', '6011-5100-8788-7057', '180035601937848', '180072512946394', '4556617778508'];
       validCCNumbers.forEach(num => {
-        expect(autotrack._includeProperty(input, num)).to.equal(false);
+        expect(autotrack._includeFieldValue(num)).to.equal(false);
       });
     });
 
     it('should not include values that look like social security numbers', function() {
-      input.type = 'text';
-      input.value = '123-45-6789';
-      expect(autotrack._includeProperty(input, input.value)).to.equal(false);
-    });
-
-    it('should include non-sensitive inputs', function() {
-      input.type = 'text';
-      input.value = 'Josh';
-      expect(autotrack._includeProperty(input, input.value)).to.equal(true);
+      expect(autotrack._includeFieldValue('123-45-6789')).to.equal(false);
     });
   });
 
@@ -380,7 +373,6 @@ describe('Collect Everything system', function() {
         '$form_field__id': 'id',
       });
     });
-
   });
 
   describe('isBrowserSupported', function() {