Tealeaf CX UI Capture for AJAX enables the blocking and masking of sensitive information within the client browser, before the data is forwarded to Tealeaf for capture, while allowing the data to be forwarded to your web servers for normal processing.
Blocked data
Sensitive data that is cleansed through UI Capture never reaches Tealeaf, which ensures that your customer's interactions are secure in UI Capture.
- UI Capture enables the blocking of user input data by element ID or name or both.
- Masks can be expressed as explicit strings, replacements for character types, or custom functions.
Specifying for JSON messages
The Tealeaf CX platform supports the capture of JSON-based messages from Tealeaf client frameworks, including a version of UI Capture.
Each JSON message corresponds to an individual step in the visitor's session. Multiple steps may exist on a single hit, and you can create events for individual steps of a hit.
Block array fields and mask types
The data and masking functions to apply privacy are defined as objects in the tlFieldBlock
array that can be found in TealeafSDKConfig.js
file of the UI Capture package. For each masking operation applied through UI Capture, you must specify a different row in the tlFieldBlock
array.
Field block array fields
For each masking operation applied through UI Capture, you must specify a different row in the tlFieldBlock
array. This array contains these fields:
Field name | Description |
---|---|
name |
A regular expression string that specifies the name of the element on the page to which to apply privacy. You can specify names, IDs, or both within a single record. |
id |
A regular expression string that specifies the ID of the element on the page to which to apply privacy. You can specify names, IDs, or both within a single record. |
caseinsensitive |
When set to true , UI Capture attempts a case-insensitive match the name or ID. For example, MyAttribute and myattribute both match. |
Mask types
Tealeaf provides three methods for masking or blocking sensitive data.
Mask Type | Description | JavaScript™ Function |
---|---|---|
Preserve Mask | Use this mask type to specify the mask to use for alphanumeric characters. Mask is specified in the tlPrivacyMask array. |
TeaLeaf.Client.PreserveMask(element); |
Basic Mask | Use this mask type to mask data with a pre-defined string, such as XXXXXX |
TeaLeaf.Client.BasicMask(element); |
Empty Mask | An empty mask removes all characters and does not replace them. | TeaLeaf.Client.EmptyMask(element); |
Custom Mask | You can replace any of the other calls to Tealeaf masking functions with a call to your own function. | N/A |
These methods are available as JavaScript functions, which are referenced in the declarations of each field in the tlFieldBlock
array.
Privacy mask
If needed, you can specify a privacy mask such that a different masking character is applied depending on the type of character. The tlPrivacyMask
is specified by using these fields:
Field | Description |
---|---|
upperChar |
This character is applied to uppercase alphabetical characters. The default value is X . |
lowerChar |
This character is applied to lowercase alphabetical characters. The default value is x . |
numericChar |
This character is applied to numeric characters. The default value is 9 . |
symbolChar |
This character is applied to symbol characters. The default value is # . |
Field masking
You can use UI Capture to add a mask over sensitive data that must be validated on the server. In the following example, credit card-related fields are masked by dummy characters to indicate that the data entered. After the changes are made to TealeafClientCfg.js
, the dummy field values are submitted to the server and processed.
Mask fields by using names and IDs
You can specify names and IDs by listing explicit values or by using regular expressions. Based on the evaluation of these expressions, the specified privacy operation can be applied to one or more page elements, including all page elements.
In the tlFieldBlock
data array, you reference fields by their unique identifiers (IDs). If IDs are unavailable, you can reference fields by name, which might not be unique.
To apply a privacy operation to a single named field:
{"name": "creditcard", ...
To apply a privacy operation to multiple named fields, separate the fields by the pipe character (|
):
{"name": "creditcard|password", ...
You can also apply regular expressions to match names or IDs based on patterns. Suppose that you defined page identifiers that require UI Capture privacy to have pvt
prefix in their ID value. To apply privacy, use the following regular expression as the value for the ID:
{"id": "^pvt", ...
You can also specify the same privacy masking operation for names and identifiers in a single record. In this example, two regular expressions are specified for matching names and IDs. These expressions match all values for the name and ID attributes, effectively blocking all element values from the page.
The result is that everything that is monitored by UI Capture is masked or blocked, based on the rule.
{"id": ".*", "name": ".*", ...
Mask fields by using ClassName
You can specify the fields to mask based on the CSS class for the fields. This method allows global masking of any field that is identified by using a common class.
Mask fields by using names and IDs
You can use regular expressions to specify the classname
. In this example, all fields with CSS classes that have the priv
prefix are masked.
{"classname": "priv.*", ...
Specifying values for name
or id
is not required.
Function declarations
The masking function API is:
string mask(DOMNode element);
Where:
element
is the DOM node with the matching name or ID attribute as specified in the masking record.string
is the masked return value that is sent by Tealeaf in the UI POST.
Limitations
UI Capture can only mask or block data that is collected through the UI Capture. This library does not provide access to data contained on the page, which is not managed by the library. The following examples cannot be made private by UI Capture:
- A visitor ID embedded in the HTML of the page
- A static element that is not captured by the library, which contains the visitor's account balance or Social Security number, or similar.
These types of sensitive data must be masked or blocked after they reach Tealeaf.
Performance
Care must be taken to keep the masking records to a minimum. Only use optimized regular expressions and optimized code in your custom functions. A poorly configured privacy mask can have adverse impacts on the performance of the page.
Example of blocking data from transmission
You can remove the data from being submitted to the server. This example blocks data by referencing the EmptyMask
function in the declaration:
{"id": "myElement", "caseinsensitive": false, "mask":
function () { return TeaLeaf.Client.EmptyMask.apply(this, arguments); }}
Default configuration
This is the default specification for tlFieldBlock
that is provided by Tealeaf. The default configuration does not perform any masking. You must modify this code to support your privacy requirements before you deploy the UI Capture.
tlFieldBlock:[
/* Sample block rules:
// Mask all field names that have "creditcard" or "password"
// substrings using the PreserveMask() function.
{"name": "creditcard|password", "caseinsensitive": true, "mask":
function ()
{ return TeaLeaf.Client.PreserveMask.apply(this, arguments); }}
// Mask all field ids that match pvt0, pvt1 ... pvt9 using
// the EmptyMask() function.
{"id": "^pvt[0-9]$", "caseinsensitive": true, "mask":
function ()
{ return TeaLeaf.Client.EmptyMask.apply(this, arguments); }}
// Paranoid mode: Mask all name and id values with the
// BasicMask() function.
{"id": ".*", "name": ".*", "caseinsensitive": false, "mask":
function ()
{ return TeaLeaf.Client.BasicMask.apply(this, arguments); }}
*/
],
// The mask used by the PreserveMask() masking function.
tlPrivacyMask: {
"upperChar": "X",
"lowerChar": "x",
"numericChar": "9",
"symbolChar": "#"
},