Skip to content

feat(session-replay-browser): ugc removal poc #1062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Jun 12, 2025

Conversation

bravecod
Copy link
Contributor

@bravecod bravecod commented May 5, 2025

[Experimental]

Summary

This pull request introduces a new feature to support User-Generated Content (UGC) filtering in the Session Replay library. It includes changes to add UGC filter rules, apply them to page URLs, and validate their usage. The changes span across configuration, helper methods, hooks, and tests.

UGC Filtering Feature Implementation

  • Configuration Updates:

    • Added a new UGCFilterRule type to define UGC filter rules with selector and replacement properties. (packages/session-replay-browser/src/config/types.ts, packages/session-replay-browser/src/config/types.tsR53-R66)
    • Updated SessionReplayLocalConfig to include an optional ugcFilterRules property. (packages/session-replay-browser/src/config/local-config.ts, [1] [2]
  • Helper Functionality:

  • Integration in Hooks:

    • Updated click and scroll hooks to use getPageUrl for applying UGC filter rules to event data. (packages/session-replay-browser/src/hooks/click.ts, [1]; packages/session-replay-browser/src/hooks/scroll.ts, [2]

Testing Enhancements

  • Unit Tests for getPageUrl:

  • Integration Tests for Hooks:

    • Ensured click and scroll events correctly apply UGC filter rules in various scenarios. (packages/session-replay-browser/test/hooks/click.test.ts, [1]; packages/session-replay-browser/test/hooks/scroll.test.ts, [2]

These changes collectively enable UGC filtering for improved privacy and customization in session replay data.

Checklist

  • Does your PR title have the correct title format?
  • Does your PR have a breaking change?:

Copy link

promptless bot commented May 5, 2025

📝 Documentation updates detected! You can review documentation updates here

Copy link
Contributor

@lewgordon-amplitude lewgordon-amplitude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall and I think it's pretty close. Just wanted to discuss a few things before shipping this.

@bravecod bravecod force-pushed the SR-1073-PoC-URL-UGC-removal branch from ac0aff4 to 27df1bb Compare May 22, 2025 20:59
Copy link
Contributor

@lewgordon-amplitude lewgordon-amplitude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, one comment though.

cursor-com[bot]

This comment was marked as outdated.

Copy link
Contributor

@lewgordon-amplitude lewgordon-amplitude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One request then I think we're OK

cursor-com[bot]

This comment was marked as outdated.

@bravecod bravecod force-pushed the SR-1073-PoC-URL-UGC-removal branch from 59ca82a to d52a4b4 Compare June 11, 2025 18:25
cursor-com[bot]

This comment was marked as outdated.

cursor-com[bot]

This comment was marked as outdated.

Copy link

@cursor-com cursor-com bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: UGC Filter Rules Validation Errors

The ugcFilterRules configuration introduces two related validation bugs:

  1. validateUGCFilterRules lacks an Array.isArray check, causing a TypeError (.every is not a function) and SDK crash if ugcFilterRules is not an array.
  2. getPageUrl assumes elements within ugcFilterRules are objects with selector and replacement properties. Remote ugcFilterRules are not validated, so if they contain non-objects (e.g., strings), accessing rule.selector causes a TypeError in globToRegex, crashing event processing.

packages/session-replay-browser/src/helpers.ts#L163-L185

export const validateUGCFilterRules = (ugcFilterRules: UGCFilterRule[]) => {
// validate ugcFilterRules
if (!ugcFilterRules.every((rule) => typeof rule.selector === 'string' && typeof rule.replacement === 'string')) {
throw new Error('ugcFilterRules must be an array of objects with selector and replacement properties');
}
// validate ugcFilterRules are valid globs
if (!ugcFilterRules.every((rule) => isValidGlobUrl(rule.selector))) {
throw new Error('ugcFilterRules must be an array of objects with valid globs');
}
};
export const getPageUrl = (pageUrl: string, ugcFilterRules: UGCFilterRule[]) => {
// apply ugcFilterRules, order is important, first rule wins
for (const rule of ugcFilterRules) {
const regex = globToRegex(rule.selector);
if (regex.test(pageUrl)) {
return pageUrl.replace(regex, rule.replacement);
}
}
return pageUrl;

Fix in Cursor


Bug: UGC Filtering Logic Fails Remote Configuration Handling

The logic introduced to preserve local ugcFilterRules during remote configuration fetching is flawed. If the remote interactionConfig is absent, any locally provided ugcFilterRules are discarded, silently disabling UGC filtering. Conversely, if a remote interactionConfig is present, local ugcFilterRules incorrectly overwrite remote ugcFilterRules, violating the intended precedence for remote configuration. This results in either silent disabling of UGC filtering or unexpected masking behavior.

packages/session-replay-browser/src/config/joined-config.ts#L60-L82

'sessionReplay',
'sr_sampling_config',
sessionId,
);
const privacyConfig = await this.remoteConfigFetch.getRemoteConfig(
'sessionReplay',
'sr_privacy_config',
sessionId,
);
const ugcFilterRules = config.interactionConfig?.ugcFilterRules;
// This is intentionally forced to only be set through the remote config.
config.interactionConfig = await this.remoteConfigFetch.getRemoteConfig(
'sessionReplay',
'sr_interaction_config',
sessionId,
);
if (config.interactionConfig && ugcFilterRules) {
config.interactionConfig.ugcFilterRules = ugcFilterRules;
}
// This is intentionally forced to only be set through the remote config.

Fix in Cursor


Was this report helpful? Give feedback by reacting with 👍 or 👎

@bravecod bravecod merged commit c63fafd into main Jun 12, 2025
10 of 11 checks passed
@bravecod bravecod deleted the SR-1073-PoC-URL-UGC-removal branch June 12, 2025 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants