🐛 [RUM-12503] Add mask-unless-allowlisted privacy level support for standard attr (#3907)

* Add mask-unless-allowlisted privacy level support for standard attributes action names

* Extract shouldMaskAttriubte to share for SR and action names; Improve code according to comments

* Fix censor img mark for source elements and update test cases

* Improve code

Author: cy-moi

packages/rum-core/src/domain/action/getActionNameFromElement.spec.ts

@@ -643,6 +643,27 @@ describe('getActionNameFromElement', () => {
           expectedName: 'foo bar baz',
           expectedNameSource: 'text_content',
         },
+        {
+          html: `
+          <div data-dd-privacy="mask-unless-allowlisted" alt="bar" target>
+            <span>bar</span>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          expectedName: 'Masked Element',
+          expectedNameSource: 'standard_attribute',
+        },
+        {
+          html: `
+          <div data-dd-privacy="mask-unless-allowlisted" alt="foo" target>
+            <span>bar</span>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          allowlist: ['foo'],
+          expectedName: 'foo',
+          expectedNameSource: 'standard_attribute',
+        },
       ]
       testCases.forEach(({ html, defaultPrivacyLevel, allowlist, expectedName, expectedNameSource }) => {
         mockExperimentalFeatures([ExperimentalFeature.USE_TREE_WALKER_FOR_ACTION_NAME])

packages/rum-core/src/domain/action/getActionNameFromElement.ts

@@ -1,6 +1,6 @@
 import { ExperimentalFeature, isExperimentalFeatureEnabled, safeTruncate } from '@datadog/browser-core'
 import { getPrivacySelector, NodePrivacyLevel } from '../privacyConstants'
-import { getNodePrivacyLevel, shouldMaskNode } from '../privacy'
+import { getNodePrivacyLevel, maskDisallowedTextContent, shouldMaskNode, shouldMaskAttribute } from '../privacy'
 import type { NodePrivacyLevelCache } from '../privacy'
 import type { RumConfiguration } from '../configuration'
 import { isElementNode } from '../../browser/htmlDomUtils'
@@ -16,6 +16,8 @@ export function getActionNameFromElement(
   rumConfiguration: RumConfiguration,
   nodePrivacyLevel: NodePrivacyLevel = NodePrivacyLevel.ALLOW
 ): ActionName {
+  const nodePrivacyLevelCache: NodePrivacyLevelCache = new Map()
+
   const { actionNameAttribute: userProgrammaticAttribute } = rumConfiguration
 
   // Proceed to get the action name in two steps:
@@ -36,8 +38,8 @@ export function getActionNameFromElement(
   }
 
   return (
-    getActionNameFromElementForStrategies(element, priorityStrategies, rumConfiguration) ||
-    getActionNameFromElementForStrategies(element, fallbackStrategies, rumConfiguration) || {
+    getActionNameFromElementForStrategies(element, priorityStrategies, rumConfiguration, nodePrivacyLevelCache) ||
+    getActionNameFromElementForStrategies(element, fallbackStrategies, rumConfiguration, nodePrivacyLevelCache) || {
       name: '',
       nameSource: ActionNameSource.BLANK,
     }
@@ -58,14 +60,15 @@ function getActionNameFromElementProgrammatically(targetElement: Element, progra
 
 type NameStrategy = (
   element: Element | HTMLElement | HTMLInputElement | HTMLSelectElement,
-  rumConfiguration: RumConfiguration
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ) => ActionName | undefined | null
 
 const priorityStrategies: NameStrategy[] = [
   // associated LABEL text
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     if ('labels' in element && element.labels && element.labels.length > 0) {
-      return getActionNameFromTextualContent(element.labels[0], rumConfiguration)
+      return getActionNameFromTextualContent(element.labels[0], rumConfiguration, nodePrivacyLevelCache)
     }
   },
   // INPUT button (and associated) value
@@ -79,41 +82,47 @@ const priorityStrategies: NameStrategy[] = [
     }
   },
   // BUTTON, LABEL or button-like element text
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     if (element.nodeName === 'BUTTON' || element.nodeName === 'LABEL' || element.getAttribute('role') === 'button') {
-      return getActionNameFromTextualContent(element, rumConfiguration)
+      return getActionNameFromTextualContent(element, rumConfiguration, nodePrivacyLevelCache)
     }
   },
-  (element) => getActionNameFromStandardAttribute(element, 'aria-label'),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'aria-label', rumConfiguration, nodePrivacyLevelCache),
   // associated element text designated by the aria-labelledby attribute
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     const labelledByAttribute = element.getAttribute('aria-labelledby')
     if (labelledByAttribute) {
       return {
         name: labelledByAttribute
           .split(/\s+/)
           .map((id) => getElementById(element, id))
           .filter((label): label is HTMLElement => Boolean(label))
-          .map((element) => getTextualContent(element, rumConfiguration))
+          .map((element) => getTextualContent(element, rumConfiguration, nodePrivacyLevelCache))
           .join(' '),
         nameSource: ActionNameSource.TEXT_CONTENT,
       }
     }
   },
-  (element) => getActionNameFromStandardAttribute(element, 'alt'),
-  (element) => getActionNameFromStandardAttribute(element, 'name'),
-  (element) => getActionNameFromStandardAttribute(element, 'title'),
-  (element) => getActionNameFromStandardAttribute(element, 'placeholder'),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'alt', rumConfiguration, nodePrivacyLevelCache),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'name', rumConfiguration, nodePrivacyLevelCache),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'title', rumConfiguration, nodePrivacyLevelCache),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromStandardAttribute(element, 'placeholder', rumConfiguration, nodePrivacyLevelCache),
   // SELECT first OPTION text
-  (element, rumConfiguration) => {
+  (element, rumConfiguration, nodePrivacyLevelCache) => {
     if ('options' in element && element.options.length > 0) {
-      return getActionNameFromTextualContent(element.options[0], rumConfiguration)
+      return getActionNameFromTextualContent(element.options[0], rumConfiguration, nodePrivacyLevelCache)
     }
   },
 ]
 
 const fallbackStrategies: NameStrategy[] = [
-  (element, rumConfiguration) => getActionNameFromTextualContent(element, rumConfiguration),
+  (element, rumConfiguration, nodePrivacyLevelCache) =>
+    getActionNameFromTextualContent(element, rumConfiguration, nodePrivacyLevelCache),
 ]
 
 /**
@@ -124,7 +133,8 @@ const MAX_PARENTS_TO_CONSIDER = 10
 function getActionNameFromElementForStrategies(
   targetElement: Element,
   strategies: NameStrategy[],
-  rumConfiguration: RumConfiguration
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ) {
   let element: Element | null = targetElement
   let recursionCounter = 0
@@ -136,7 +146,7 @@ function getActionNameFromElementForStrategies(
     element.nodeName !== 'HEAD'
   ) {
     for (const strategy of strategies) {
-      const actionName = strategy(element, rumConfiguration)
+      const actionName = strategy(element, rumConfiguration, nodePrivacyLevelCache)
       if (actionName) {
         const { name, nameSource } = actionName
         const trimmedName = name && name.trim()
@@ -169,24 +179,45 @@ function getElementById(refElement: Element, id: string) {
   return refElement.ownerDocument ? refElement.ownerDocument.getElementById(id) : null
 }
 
-function getActionNameFromStandardAttribute(element: Element | HTMLElement, attribute: string): ActionName {
+function getActionNameFromStandardAttribute(
+  element: Element | HTMLElement,
+  attribute: string,
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
+): ActionName {
+  const { enablePrivacyForActionName, defaultPrivacyLevel } = rumConfiguration
+  let attributeValue = element.getAttribute(attribute)
+  if (attributeValue && enablePrivacyForActionName) {
+    const nodePrivacyLevel = getNodePrivacyLevel(element, defaultPrivacyLevel, nodePrivacyLevelCache)
+    if (shouldMaskAttribute(element.tagName, attribute, attributeValue, nodePrivacyLevel, rumConfiguration)) {
+      attributeValue = maskDisallowedTextContent(attributeValue, ACTION_NAME_PLACEHOLDER)
+    }
+  } else if (!attributeValue) {
+    attributeValue = ''
+  }
+
   return {
-    name: element.getAttribute(attribute) || '',
+    name: attributeValue,
     nameSource: ActionNameSource.STANDARD_ATTRIBUTE,
   }
 }
 
 function getActionNameFromTextualContent(
   element: Element | HTMLElement,
-  rumConfiguration: RumConfiguration
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ): ActionName {
   return {
-    name: getTextualContent(element, rumConfiguration) || '',
+    name: getTextualContent(element, rumConfiguration, nodePrivacyLevelCache) || '',
     nameSource: ActionNameSource.TEXT_CONTENT,
   }
 }
 
-function getTextualContent(element: Element, rumConfiguration: RumConfiguration) {
+function getTextualContent(
+  element: Element,
+  rumConfiguration: RumConfiguration,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
+) {
   if ((element as HTMLElement).isContentEditable) {
     return
   }
@@ -202,7 +233,8 @@ function getTextualContent(element: Element, rumConfiguration: RumConfiguration)
       element,
       userProgrammaticAttribute,
       enablePrivacyForActionName,
-      defaultPrivacyLevel
+      defaultPrivacyLevel,
+      nodePrivacyLevelCache
     )
   }
 
@@ -246,10 +278,9 @@ function getTextualContentWithTreeWalker(
   element: Element,
   userProgrammaticAttribute: string | undefined,
   privacyEnabledActionName: boolean,
-  defaultPrivacyLevel: NodePrivacyLevel
+  defaultPrivacyLevel: NodePrivacyLevel,
+  nodePrivacyLevelCache: NodePrivacyLevelCache
 ) {
-  const nodePrivacyLevelCache: NodePrivacyLevelCache = new Map()
-
   const walker = document.createTreeWalker(
     element,
     // eslint-disable-next-line no-bitwise

packages/rum-core/src/domain/privacy.ts

@@ -5,7 +5,10 @@ import {
   CENSORED_STRING_MARK,
   getPrivacySelector,
   TEXT_MASKING_CHAR,
+  PRIVACY_ATTR_NAME,
 } from './privacyConstants'
+import { STABLE_ATTRIBUTES } from './getSelectorFromElement'
+import type { RumConfiguration } from './configuration'
 
 export type NodePrivacyLevelCache = Map<Node, NodePrivacyLevel>
 
@@ -150,6 +153,46 @@ export function shouldMaskNode(node: Node, privacyLevel: NodePrivacyLevel) {
   }
 }
 
+export function shouldMaskAttribute(
+  tagName: string,
+  attributeName: string,
+  attributeValue: string | null,
+  nodePrivacyLevel: NodePrivacyLevel,
+  configuration: RumConfiguration
+) {
+  if (nodePrivacyLevel !== NodePrivacyLevel.MASK && nodePrivacyLevel !== NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED) {
+    return false
+  }
+  if (
+    attributeName === PRIVACY_ATTR_NAME ||
+    STABLE_ATTRIBUTES.includes(attributeName) ||
+    attributeName === configuration.actionNameAttribute
+  ) {
+    return false
+  }
+
+  switch (attributeName) {
+    case 'title':
+    case 'alt':
+    case 'placeholder':
+      return true
+  }
+  if (tagName === 'A' && attributeName === 'href') {
+    return true
+  }
+  if (tagName === 'IFRAME' && attributeName === 'srcdoc') {
+    return true
+  }
+  if (attributeValue && attributeName.startsWith('data-')) {
+    return true
+  }
+  if ((tagName === 'IMG' || tagName === 'SOURCE') && (attributeName === 'src' || attributeName === 'srcset')) {
+    return true
+  }
+
+  return false
+}
+
 function isFormElement(node: Node | null): boolean {
   if (!node || node.nodeType !== node.ELEMENT_NODE) {
     return false