posthog-js
posthog-js copied to clipboard
PostHog
chore: refactor sensitive data capture
The logic for whether or not to capture certain elements (including sensitive data) was a bit confusing to follow, so trying to clear that up in this PR.
Originally I opened https://github.com/PostHog/posthog-js/pull/2643 but that didn't really address the core issue.
In particular there were some cases such as that identified in #42648 where we'd identify sensitive data and prevent capturing of attributes, but still capture the actual elements (including attributes) inside $elements_chain.
Changes
- Removes the sensitive field name regex by removing
shouldCaptureElement(the remaining logic is now split intoisExplicitNoCapture/isExplicitCapture) - That regex matched element names/IDs like
password,ccnum,ssnand blocked capture -
Why this is safe:
-
isSensitiveElementalready protects ALL input/select/textarea elements by type -
shouldCaptureValuestill filters actual CC/SSN patterns from values - The regex was inconsistent (elements still appeared in
$elements_chain) and caused false positives (e.g., blocking href capture anddata-ph-capture-attributeattributes from<a id="password" data-ph-capture-attribute-key="value">Reset password</a>)
-
- Explicit opt-out via
ph-no-capture/ph-sensitiveclasses still works as expected
Release info Sub-libraries affected
Libraries affected
- [ ] All of them
- [x] posthog-js (web)
- [ ] posthog-js-lite (web lite)
- [ ] posthog-node
- [ ] posthog-react-native
- [ ] @posthog/react
- [ ] @posthog/ai
- [ ] @posthog/nextjs-config
- [ ] @posthog/nuxt
Checklist
- [x] Tests for new code
- [x] Accounted for the impact of any changes across different platforms
- [x] Accounted for backwards compatibility of any changes (no breaking changes!)
- [x] Took care not to unnecessarily increase the bundle size
If releasing new changes
- [ ] Ran
pnpm changesetto generate a changeset file - [ ] Added the "release" label to the PR to indicate we're publishing new versions for the affected packages
The latest updates on your projects. Learn more about Vercel for GitHub.
| Project | Deployment | Preview | Updated (UTC) |
|---|---|---|---|
| posthog-js |  Ready |
Preview | Nov 27, 2025 5:46pm |
| posthog-nextjs-config | Ready |
Preview | Nov 27, 2025 5:46pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hey @luke-belton! đ This pull request seems to contain no description. Please add useful context, rationale, and/or any other information that will help make sense of this change now and in the distant Mars-based future.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Size Change: -3.68 kB (-0.07%)
Total Size: 5.19 MB
| Filename | Size | Change |
|---|---|---|
packages/browser/dist/all-external-dependencies.js |
228 kB | -308 B (-0.14%) |
packages/browser/dist/array.full.es5.js |
302 kB | -308 B (-0.1%) |
packages/browser/dist/array.full.js |
372 kB | -308 B (-0.08%) |
packages/browser/dist/array.full.no-external.js |
387 kB | -308 B (-0.08%) |
packages/browser/dist/array.js |
166 kB | -305 B (-0.18%) |
packages/browser/dist/array.no-external.js |
179 kB | -305 B (-0.17%) |
packages/browser/dist/dead-clicks-autocapture.js |
12.7 kB | -304 B (-2.33%) |
packages/browser/dist/main.js |
167 kB | -305 B (-0.18%) |
packages/browser/dist/module.full.js |
372 kB | -308 B (-0.08%) |
packages/browser/dist/module.full.no-external.js |
387 kB | -308 B (-0.08%) |
packages/browser/dist/module.js |
167 kB | -305 B (-0.18%) |
packages/browser/dist/module.no-external.js |
181 kB | -305 B (-0.17%) |
âšī¸ View Unchanged
| Filename | Size | Change | |
|---|---|---|---|
packages/ai/dist/anthropic/index.cjs |
17.8 kB | 0 B | |
packages/ai/dist/anthropic/index.mjs |
17.6 kB | 0 B | |
packages/ai/dist/gemini/index.cjs |
23.4 kB | 0 B | |
packages/ai/dist/gemini/index.mjs |
23.2 kB | 0 B | |
packages/ai/dist/index.cjs |
140 kB | 0 B | |
packages/ai/dist/index.mjs |
140 kB | 0 B | |
packages/ai/dist/langchain/index.cjs |
41.2 kB | 0 B | |
packages/ai/dist/langchain/index.mjs |
40.7 kB | 0 B | |
packages/ai/dist/openai/index.cjs |
42.3 kB | 0 B | |
packages/ai/dist/openai/index.mjs |
42 kB | 0 B | |
packages/ai/dist/vercel/index.cjs |
30 kB | 0 B | |
packages/ai/dist/vercel/index.mjs |
30 kB | 0 B | |
packages/browser/dist/crisp-chat-integration.js |
2.11 kB | 0 B | |
packages/browser/dist/customizations.full.js |
19.2 kB | 0 B | |
packages/browser/dist/exception-autocapture.js |
11.8 kB | 0 B | |
packages/browser/dist/external-scripts-loader.js |
2.95 kB | 0 B | |
packages/browser/dist/intercom-integration.js |
2.16 kB | 0 B | |
packages/browser/dist/lazy-recorder.js |
150 kB | 0 B | |
packages/browser/dist/posthog-recorder.js |
247 kB | 0 B | |
packages/browser/dist/product-tours.js |
53.7 kB | 0 B | |
packages/browser/dist/recorder-v2.js |
113 kB | 0 B | |
packages/browser/dist/recorder.js |
113 kB | 0 B | |
packages/browser/dist/surveys-preview.js |
72.6 kB | 0 B | |
packages/browser/dist/surveys.js |
84.4 kB | 0 B | |
packages/browser/dist/tracing-headers.js |
1.93 kB | 0 B | |
packages/browser/dist/web-vitals.js |
10.5 kB | 0 B | |
packages/browser/react/dist/esm/index.js |
19.3 kB | 0 B | |
packages/browser/react/dist/umd/index.js |
22.4 kB | 0 B | |
packages/core/dist/error-tracking/chunk-ids.js |
2.54 kB | 0 B | |
packages/core/dist/error-tracking/chunk-ids.mjs |
1.31 kB | 0 B | |
packages/core/dist/error-tracking/coercers/dom-exception-coercer.js |
2.3 kB | 0 B | |
packages/core/dist/error-tracking/coercers/dom-exception-coercer.mjs |
993 B | 0 B | |
packages/core/dist/error-tracking/coercers/error-coercer.js |
2.02 kB | 0 B | |
packages/core/dist/error-tracking/coercers/error-coercer.mjs |
794 B | 0 B | |
packages/core/dist/error-tracking/coercers/error-event-coercer.js |
1.76 kB | 0 B | |
packages/core/dist/error-tracking/coercers/error-event-coercer.mjs |
513 B | 0 B | |
packages/core/dist/error-tracking/coercers/event-coercer.js |
1.82 kB | 0 B | |
packages/core/dist/error-tracking/coercers/event-coercer.mjs |
548 B | 0 B | |
packages/core/dist/error-tracking/coercers/index.js |
6.79 kB | 0 B | |
packages/core/dist/error-tracking/coercers/index.mjs |
326 B | 0 B | |
packages/core/dist/error-tracking/coercers/object-coercer.js |
3.46 kB | 0 B | |
packages/core/dist/error-tracking/coercers/object-coercer.mjs |
2.07 kB | 0 B | |
packages/core/dist/error-tracking/coercers/primitive-coercer.js |
1.67 kB | 0 B | |
packages/core/dist/error-tracking/coercers/primitive-coercer.mjs |
419 B | 0 B | |
packages/core/dist/error-tracking/coercers/promise-rejection-event.js |
2.25 kB | 0 B | |
packages/core/dist/error-tracking/coercers/promise-rejection-event.mjs |
904 B | 0 B | |
packages/core/dist/error-tracking/coercers/string-coercer.js |
2.01 kB | 0 B | |
packages/core/dist/error-tracking/coercers/string-coercer.mjs |
820 B | 0 B | |
packages/core/dist/error-tracking/coercers/utils.js |
2.06 kB | 0 B | |
packages/core/dist/error-tracking/coercers/utils.mjs |
716 B | 0 B | |
packages/core/dist/error-tracking/error-properties-builder.js |
5.49 kB | 0 B | |
packages/core/dist/error-tracking/error-properties-builder.mjs |
4.15 kB | 0 B | |
packages/core/dist/error-tracking/index.js |
4.11 kB | 0 B | |
packages/core/dist/error-tracking/index.mjs |
152 B | 0 B | |
packages/core/dist/error-tracking/parsers/base.js |
1.83 kB | 0 B | |
packages/core/dist/error-tracking/parsers/base.mjs |
464 B | 0 B | |
packages/core/dist/error-tracking/parsers/chrome.js |
2.73 kB | 0 B | |
packages/core/dist/error-tracking/parsers/chrome.mjs |
1.32 kB | 0 B | |
packages/core/dist/error-tracking/parsers/gecko.js |
2.47 kB | 0 B | |
packages/core/dist/error-tracking/parsers/gecko.mjs |
1.13 kB | 0 B | |
packages/core/dist/error-tracking/parsers/index.js |
4.38 kB | 0 B | |
packages/core/dist/error-tracking/parsers/index.mjs |
1.94 kB | 0 B | |
packages/core/dist/error-tracking/parsers/node.js |
3.94 kB | 0 B | |
packages/core/dist/error-tracking/parsers/node.mjs |
2.68 kB | 0 B | |
packages/core/dist/error-tracking/parsers/opera.js |
2.26 kB | 0 B | |
packages/core/dist/error-tracking/parsers/opera.mjs |
746 B | 0 B | |
packages/core/dist/error-tracking/parsers/safari.js |
1.88 kB | 0 B | |
packages/core/dist/error-tracking/parsers/safari.mjs |
574 B | 0 B | |
packages/core/dist/error-tracking/parsers/winjs.js |
1.72 kB | 0 B | |
packages/core/dist/error-tracking/parsers/winjs.mjs |
426 B | 0 B | |
packages/core/dist/error-tracking/types.js |
1.33 kB | 0 B | |
packages/core/dist/error-tracking/types.mjs |
131 B | 0 B | |
packages/core/dist/error-tracking/utils.js |
1.8 kB | 0 B | |
packages/core/dist/error-tracking/utils.mjs |
604 B | 0 B | |
packages/core/dist/eventemitter.js |
1.78 kB | 0 B | |
packages/core/dist/eventemitter.mjs |
571 B | 0 B | |
packages/core/dist/featureFlagUtils.js |
6.5 kB | 0 B | |
packages/core/dist/featureFlagUtils.mjs |
4.28 kB | 0 B | |
packages/core/dist/gzip.js |
1.88 kB | 0 B | |
packages/core/dist/gzip.mjs |
577 B | 0 B | |
packages/core/dist/index.js |
5.7 kB | 0 B | |
packages/core/dist/index.mjs |
485 B | 0 B | |
packages/core/dist/posthog-core-stateless.js |
29.6 kB | 0 B | |
packages/core/dist/posthog-core-stateless.mjs |
27.1 kB | 0 B | |
packages/core/dist/posthog-core.js |
28.2 kB | 0 B | |
packages/core/dist/posthog-core.mjs |
24 kB | 0 B | |
packages/core/dist/process/index.js |
2.77 kB | 0 B | |
packages/core/dist/process/index.mjs |
114 B | 0 B | |
packages/core/dist/process/spawn-local.js |
1.82 kB | 0 B | |
packages/core/dist/process/spawn-local.mjs |
568 B | 0 B | |
packages/core/dist/process/utils.js |
3.12 kB | 0 B | |
packages/core/dist/process/utils.mjs |
1.15 kB | 0 B | |
packages/core/dist/testing/index.js |
2.93 kB | 0 B | |
packages/core/dist/testing/index.mjs |
79 B | 0 B | |
packages/core/dist/testing/PostHogCoreTestClient.js |
3.15 kB | 0 B | |
packages/core/dist/testing/PostHogCoreTestClient.mjs |
1.74 kB | 0 B | |
packages/core/dist/testing/test-utils.js |
2.77 kB | 0 B | |
packages/core/dist/testing/test-utils.mjs |
1.09 kB | 0 B | |
packages/core/dist/types.js |
8.2 kB | 0 B | |
packages/core/dist/types.mjs |
5.93 kB | 0 B | |
packages/core/dist/utils/bot-detection.js |
3.28 kB | 0 B | |
packages/core/dist/utils/bot-detection.mjs |
1.95 kB | 0 B | |
packages/core/dist/utils/bucketed-rate-limiter.js |
3 kB | 0 B | |
packages/core/dist/utils/bucketed-rate-limiter.mjs |
1.62 kB | 0 B | |
packages/core/dist/utils/index.js |
11 kB | 0 B | |
packages/core/dist/utils/index.mjs |
1.94 kB | 0 B | |
packages/core/dist/utils/logger.js |
2.5 kB | 0 B | |
packages/core/dist/utils/logger.mjs |
1.22 kB | 0 B | |
packages/core/dist/utils/number-utils.js |
2 kB | 0 B | |
packages/core/dist/utils/number-utils.mjs |
735 B | 0 B | |
packages/core/dist/utils/promise-queue.js |
2 kB | 0 B | |
packages/core/dist/utils/promise-queue.mjs |
768 B | 0 B | |
packages/core/dist/utils/string-utils.js |
1.91 kB | 0 B | |
packages/core/dist/utils/string-utils.mjs |
414 B | 0 B | |
packages/core/dist/utils/type-utils.js |
6.93 kB | 0 B | |
packages/core/dist/utils/type-utils.mjs |
3.03 kB | 0 B | |
packages/core/dist/vendor/uuidv7.js |
8.29 kB | 0 B | |
packages/core/dist/vendor/uuidv7.mjs |
6.72 kB | 0 B | |
packages/nextjs-config/dist/config.js |
4.97 kB | 0 B | |
packages/nextjs-config/dist/config.mjs |
3.48 kB | 0 B | |
packages/nextjs-config/dist/index.js |
2.24 kB | 0 B | |
packages/nextjs-config/dist/index.mjs |
30 B | 0 B | |
packages/nextjs-config/dist/utils.js |
3.83 kB | 0 B | |
packages/nextjs-config/dist/utils.mjs |
1.72 kB | 0 B | |
packages/node/dist/client.js |
24.2 kB | 0 B | |
packages/node/dist/client.mjs |
22.3 kB | 0 B | |
packages/node/dist/entrypoints/index.edge.js |
4.25 kB | 0 B | |
packages/node/dist/entrypoints/index.edge.mjs |
723 B | 0 B | |
packages/node/dist/entrypoints/index.node.js |
5.55 kB | 0 B | |
packages/node/dist/entrypoints/index.node.mjs |
1.08 kB | 0 B | |
packages/node/dist/experimental.js |
603 B | 0 B | |
packages/node/dist/experimental.mjs |
0 B | 0 B | đ |
packages/node/dist/exports.js |
3.6 kB | 0 B | |
packages/node/dist/exports.mjs |
124 B | 0 B | |
packages/node/dist/extensions/context/context.js |
2.12 kB | 0 B | |
packages/node/dist/extensions/context/context.mjs |
862 B | 0 B | |
packages/node/dist/extensions/context/types.js |
603 B | 0 B | |
packages/node/dist/extensions/context/types.mjs |
0 B | 0 B | đ |
packages/node/dist/extensions/error-tracking/autocapture.js |
2.66 kB | 0 B | |
packages/node/dist/extensions/error-tracking/autocapture.mjs |
1.24 kB | 0 B | |
packages/node/dist/extensions/error-tracking/index.js |
3.88 kB | 0 B | |
packages/node/dist/extensions/error-tracking/index.mjs |
2.61 kB | 0 B | |
packages/node/dist/extensions/error-tracking/modifiers/context-lines.node.js |
8.81 kB | 0 B | |
packages/node/dist/extensions/error-tracking/modifiers/context-lines.node.mjs |
7.15 kB | 0 B | |
packages/node/dist/extensions/error-tracking/modifiers/module.node.js |
2.78 kB | 0 B | |
packages/node/dist/extensions/error-tracking/modifiers/module.node.mjs |
1.45 kB | 0 B | |
packages/node/dist/extensions/express.js |
2.75 kB | 0 B | |
packages/node/dist/extensions/express.mjs |
1.16 kB | 0 B | |
packages/node/dist/extensions/feature-flags/cache.js |
603 B | 0 B | |
packages/node/dist/extensions/feature-flags/cache.mjs |
0 B | 0 B | đ |
packages/node/dist/extensions/feature-flags/crypto.js |
1.57 kB | 0 B | |
packages/node/dist/extensions/feature-flags/crypto.mjs |
395 B | 0 B | |
packages/node/dist/extensions/feature-flags/feature-flags.js |
30.9 kB | 0 B | |
packages/node/dist/extensions/feature-flags/feature-flags.mjs |
28.9 kB | 0 B | |
packages/node/dist/extensions/sentry-integration.js |
4.66 kB | 0 B | |
packages/node/dist/extensions/sentry-integration.mjs |
3.17 kB | 0 B | |
packages/node/dist/storage-memory.js |
1.52 kB | 0 B | |
packages/node/dist/storage-memory.mjs |
297 B | 0 B | |
packages/node/dist/types.js |
603 B | 0 B | |
packages/node/dist/types.mjs |
0 B | 0 B | đ |
packages/node/dist/version.js |
1.21 kB | 0 B | |
packages/node/dist/version.mjs |
46 B | 0 B | |
packages/nuxt/dist/module.mjs |
4.19 kB | 0 B | |
packages/nuxt/dist/runtime/nitro-plugin.js |
1.08 kB | 0 B | |
packages/nuxt/dist/runtime/vue-plugin.js |
1.14 kB | 0 B | |
packages/react-native/dist/autocapture.js |
4.68 kB | 0 B | |
packages/react-native/dist/error-tracking/index.js |
6.77 kB | 0 B | |
packages/react-native/dist/error-tracking/utils.js |
2.58 kB | 0 B | |
packages/react-native/dist/frameworks/wix-navigation.js |
1.3 kB | 0 B | |
packages/react-native/dist/hooks/useFeatureFlag.js |
1.49 kB | 0 B | |
packages/react-native/dist/hooks/useFeatureFlags.js |
821 B | 0 B | |
packages/react-native/dist/hooks/useNavigationTracker.js |
2.46 kB | 0 B | |
packages/react-native/dist/hooks/usePostHog.js |
467 B | 0 B | |
packages/react-native/dist/index.js |
3.12 kB | 0 B | |
packages/react-native/dist/native-deps.js |
7.91 kB | 0 B | |
packages/react-native/dist/optional/OptionalAsyncStorage.js |
299 B | 0 B | |
packages/react-native/dist/optional/OptionalExpoApplication.js |
377 B | 0 B | |
packages/react-native/dist/optional/OptionalExpoDevice.js |
347 B | 0 B | |
packages/react-native/dist/optional/OptionalExpoFileSystem.js |
386 B | 0 B | |
packages/react-native/dist/optional/OptionalExpoFileSystemLegacy.js |
423 B | 0 B | |
packages/react-native/dist/optional/OptionalExpoLocalization.js |
383 B | 0 B | |
packages/react-native/dist/optional/OptionalReactNativeDeviceInfo.js |
415 B | 0 B | |
packages/react-native/dist/optional/OptionalReactNativeLocalize.js |
303 B | 0 B | |
packages/react-native/dist/optional/OptionalReactNativeNavigation.js |
415 B | 0 B | |
packages/react-native/dist/optional/OptionalReactNativeNavigationWix.js |
443 B | 0 B | |
packages/react-native/dist/optional/OptionalReactNativeSafeArea.js |
644 B | 0 B | |
packages/react-native/dist/optional/OptionalSessionReplay.js |
455 B | 0 B | |
packages/react-native/dist/posthog-rn.js |
30.4 kB | 0 B | |
packages/react-native/dist/PostHogContext.js |
329 B | 0 B | |
packages/react-native/dist/PostHogProvider.js |
4.77 kB | 0 B | |
packages/react-native/dist/storage.js |
3.39 kB | 0 B | |
packages/react-native/dist/surveys/components/BottomSection.js |
1.34 kB | 0 B | |
packages/react-native/dist/surveys/components/Cancel.js |
909 B | 0 B | |
packages/react-native/dist/surveys/components/ConfirmationMessage.js |
1.58 kB | 0 B | |
packages/react-native/dist/surveys/components/QuestionHeader.js |
1.11 kB | 0 B | |
packages/react-native/dist/surveys/components/QuestionTypes.js |
10.1 kB | 0 B | |
packages/react-native/dist/surveys/components/SurveyModal.js |
3.86 kB | 0 B | |
packages/react-native/dist/surveys/components/Surveys.js |
7.18 kB | 0 B | |
packages/react-native/dist/surveys/getActiveMatchingSurveys.js |
3.69 kB | 0 B | |
packages/react-native/dist/surveys/icons.js |
7.76 kB | 0 B | |
packages/react-native/dist/surveys/index.js |
600 B | 0 B | |
packages/react-native/dist/surveys/PostHogSurveyProvider.js |
5.66 kB | 0 B | |
packages/react-native/dist/surveys/surveys-utils.js |
9.31 kB | 0 B | |
packages/react-native/dist/surveys/useActivatedSurveys.js |
3.38 kB | 0 B | |
packages/react-native/dist/surveys/useSurveyStorage.js |
2.16 kB | 0 B | |
packages/react-native/dist/tooling/expoconfig.js |
2.63 kB | 0 B | |
packages/react-native/dist/tooling/metroconfig.js |
2.2 kB | 0 B | |
packages/react-native/dist/tooling/posthogMetroSerializer.js |
4.78 kB | 0 B | |
packages/react-native/dist/tooling/utils.js |
4.05 kB | 0 B | |
packages/react-native/dist/tooling/vendor/expo/expoconfig.js |
70 B | 0 B | |
packages/react-native/dist/tooling/vendor/metro/countLines.js |
237 B | 0 B | |
packages/react-native/dist/tooling/vendor/metro/utils.js |
3.35 kB | 0 B | |
packages/react-native/dist/types.js |
70 B | 0 B | |
packages/react-native/dist/utils.js |
539 B | 0 B | |
packages/react-native/dist/version.js |
130 B | 0 B | |
packages/react/dist/esm/index.js |
19.3 kB | 0 B | |
packages/react/dist/umd/index.js |
22.4 kB | 0 B | |
packages/rollup-plugin/dist/index.js |
3.45 kB | 0 B | |
packages/web/dist/index.cjs |
13.8 kB | 0 B | |
packages/web/dist/index.mjs |
13.7 kB | 0 B | |
packages/webpack-plugin/dist/config.js |
2.65 kB | 0 B | |
packages/webpack-plugin/dist/config.mjs |
1.64 kB | 0 B | |
packages/webpack-plugin/dist/index.js |
6.38 kB | 0 B | |
packages/webpack-plugin/dist/index.mjs |
2.96 kB | 0 B | |
tooling/changelog/dist/index.js |
3.31 kB | 0 B | |
tooling/rollup-utils/dist/index.js |
1.17 kB | 0 B |
This PR hasn't seen activity in a week! Should it be merged, closed, or further worked on? If you want to keep it open, post a comment or remove the stale label â otherwise this will be closed in another week.
This PR was closed due to lack of activity. Feel free to reopen if it's still relevant.