Skip to content

feat(session-replay-browser): ugc removal poc #1062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jun 12, 2025
Merged

feat(session-replay-browser): ugc removal poc #1062

merged 9 commits into from
Jun 12, 2025

Conversation

bravecod
Copy link
Contributor

@bravecod bravecod commented May 5, 2025
edited
Loading

[Experimental]

Summary

This pull request introduces a new feature to support User-Generated Content (UGC) filtering in the Session Replay library. It includes changes to add UGC filter rules, apply them to page URLs, and validate their usage. The changes span across configuration, helper methods, hooks, and tests.

UGC Filtering Feature Implementation

  • Configuration Updates:

    • Added a new UGCFilterRule type to define UGC filter rules with selector and replacement properties. (packages/session-replay-browser/src/config/types.ts, packages/session-replay-browser/src/config/types.tsR53-R66)
    • Updated SessionReplayLocalConfig to include an optional ugcFilterRules property. (packages/session-replay-browser/src/config/local-config.ts, [1] [2]

  • Helper Functionality:

  • Integration in Hooks:

    • Updated click and scroll hooks to use getPageUrl for applying UGC filter rules to event data. (packages/session-replay-browser/src/hooks/click.ts, [1]; packages/session-replay-browser/src/hooks/scroll.ts, [2]

Testing Enhancements

  • Unit Tests for getPageUrl:

  • Integration Tests for Hooks:

    • Ensured click and scroll events correctly apply UGC filter rules in various scenarios. (packages/session-replay-browser/test/hooks/click.test.ts, [1]; packages/session-replay-browser/test/hooks/scroll.test.ts, [2]

These changes collectively enable UGC filtering for improved privacy and customization in session replay data.

Checklist

  • Does your PR title have the correct title format?
  • Does your PR have a breaking change?:

@promptless Promptless
Copy link

promptless bot commented May 5, 2025

📝 Documentation updates detected! You can review documentation updates here

lewgordon-amplitude
lewgordon-amplitude reviewed May 5, 2025
View reviewed changes
Copy link
Contributor

@lewgordon-amplitude lewgordon-amplitude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall and I think it's pretty close. Just wanted to discuss a few things before shipping this.

bravecod
bravecod commented May 7, 2025
View reviewed changes
bravecod
bravecod commented May 7, 2025
View reviewed changes
bravecod
bravecod commented May 7, 2025
View reviewed changes
@bravecod bravecod force-pushed the SR-1073-PoC-URL-UGC-removal branch from ac0aff4 to 27df1bb Compare May 22, 2025 20:59
lewgordon-amplitude
lewgordon-amplitude approved these changes May 23, 2025
View reviewed changes
Copy link
Contributor

@lewgordon-amplitude lewgordon-amplitude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, one comment though.

cursor-com[bot]

This comment was marked as outdated.

Sign in to view

lewgordon-amplitude
lewgordon-amplitude reviewed Jun 11, 2025
View reviewed changes
Copy link
Contributor

@lewgordon-amplitude lewgordon-amplitude left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One request then I think we're OK

cursor-com[bot]

This comment was marked as outdated.

Sign in to view

@bravecod bravecod force-pushed the SR-1073-PoC-URL-UGC-removal branch from 59ca82a to d52a4b4 Compare June 11, 2025 18:25
cursor-com[bot]

This comment was marked as outdated.

Sign in to view

cursor-com[bot]

This comment was marked as outdated.

Sign in to view

cursor-com[bot]
cursor-com bot reviewed Jun 12, 2025
View reviewed changes
Copy link

@cursor-com cursor-com bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: UGC Filter Rules Validation Errors

The ugcFilterRules configuration introduces two related validation bugs:

  1. validateUGCFilterRules lacks an Array.isArray check, causing a TypeError (.every is not a function) and SDK crash if ugcFilterRules is not an array.
  2. getPageUrl assumes elements within ugcFilterRules are objects with selector and replacement properties. Remote ugcFilterRules are not validated, so if they contain non-objects (e.g., strings), accessing rule.selector causes a TypeError in globToRegex, crashing event processing.

packages/session-replay-browser/src/helpers.ts#L163-L185

Amplitude-TypeScript/packages/session-replay-browser/src/helpers.ts

Lines 163 to 185 in 0e3fd9e

export const validateUGCFilterRules = (ugcFilterRules: UGCFilterRule[]) => {
// validate ugcFilterRules
if (!ugcFilterRules.every((rule) => typeof rule.selector === 'string' && typeof rule.replacement === 'string')) {
throw new Error('ugcFilterRules must be an array of objects with selector and replacement properties');
}
// validate ugcFilterRules are valid globs
if (!ugcFilterRules.every((rule) => isValidGlobUrl(rule.selector))) {
throw new Error('ugcFilterRules must be an array of objects with valid globs');
}
};
export const getPageUrl = (pageUrl: string, ugcFilterRules: UGCFilterRule[]) => {
// apply ugcFilterRules, order is important, first rule wins
for (const rule of ugcFilterRules) {
const regex = globToRegex(rule.selector);
if (regex.test(pageUrl)) {
return pageUrl.replace(regex, rule.replacement);
}
}
return pageUrl;

Fix in Cursor

Bug: UGC Filtering Logic Fails Remote Configuration Handling

The logic introduced to preserve local ugcFilterRules during remote configuration fetching is flawed. If the remote interactionConfig is absent, any locally provided ugcFilterRules are discarded, silently disabling UGC filtering. Conversely, if a remote interactionConfig is present, local ugcFilterRules incorrectly overwrite remote ugcFilterRules, violating the intended precedence for remote configuration. This results in either silent disabling of UGC filtering or unexpected masking behavior.

packages/session-replay-browser/src/config/joined-config.ts#L60-L82

Amplitude-TypeScript/packages/session-replay-browser/src/config/joined-config.ts

Lines 60 to 82 in 0e3fd9e

'sessionReplay',
'sr_sampling_config',
sessionId,
);
const privacyConfig = await this.remoteConfigFetch.getRemoteConfig(
'sessionReplay',
'sr_privacy_config',
sessionId,
);
const ugcFilterRules = config.interactionConfig?.ugcFilterRules;
// This is intentionally forced to only be set through the remote config.
config.interactionConfig = await this.remoteConfigFetch.getRemoteConfig(
'sessionReplay',
'sr_interaction_config',
sessionId,
);
if (config.interactionConfig && ugcFilterRules) {
config.interactionConfig.ugcFilterRules = ugcFilterRules;
}
// This is intentionally forced to only be set through the remote config.

Fix in Cursor

Was this report helpful? Give feedback by reacting with 👍 or 👎

@bravecod bravecod merged commit c63fafd into main Jun 12, 2025
10 of 11 checks passed
@bravecod bravecod deleted the SR-1073-PoC-URL-UGC-removal branch June 12, 2025 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lewgordon-amplitude lewgordon-amplitude lewgordon-amplitude approved these changes

@cursor-com cursor-com[bot] cursor-com[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bravecod @lewgordon-amplitude