getsentry
Support SensitiveContent
Problem Statement
The latest main/beta versions of Flutter have a way to mask sensitive content via the SensitiveContent widget (see link down below). The various features of Sentry (session replay, screenshots, etc) should respect that too due to privacy concerns.
https://main-api.flutter.dev/flutter/widgets/SensitiveContent-class.html
Solution Brainstorm
Are you willing to submit a PR?
No
There’s also some third party widgets that do this, for example https://pub.dev/packages/obscure_widget
It would be nice if those could be supported too.
Maybe with a configuration that looks something like this:
options.sensitiveContentWidgetTypes.add(SensitiveContent);
That has the benefit of making it independent of the Flutter version and the chosen solution at all
You can do that already: options.privacy.mask<SensitiveContent>() - Maybe SensitiveContent can be supported out of the box. But the rest is already possible.
You can do that already: options.privacy.mask<SensitiveContent>() - Maybe SensitiveContent can be supported out of the box.
Yeah agreed, I'll add that to the default masking config
Any ideas how we can support this ootb on older Flutter versions? SensitiveContent is not available in older versions and checking by runtimeType won't work in obfuscated builds
The only thing I can think of is this but that's not robust at all.
rules.add(SentryMaskingCustomRule<Widget>(
callback: (Element element, Widget widget) {
dynamic dynWidget = widget;
try {
dynWidget.sensitivity;
return SentryMaskingDecision.mask;
} catch (e) {
return SentryMaskingDecision.continueProcessing;
}
},
name: 'SensitiveContent',
description: 'Mask SensitiveContent'));
otherwise if we can't impl it ootb in the SDK we'll have to make this clear in the docs.
You can add a check for the Flutter version, which makes it more robust and ideally also tree shakeable