๐๐๐ถ๐น๐ฑ๐ถ๐ป๐ด ๐ฆ๐ฎ๐ณ๐ฒ ๐ฆ๐ฒ๐๐๐ถ๐ผ๐ป ๐ฅ๐ฒ๐ฝ๐น๐ฎ๐
Session replay often records passwords. This is dangerous. We built a tool to mask data by default. The safe path is now the only path.
Here is how it works:
- It is not a video.
- Video files are too large.
- Video captures everything.
- We record the DOM and its changes.
- We replay these in an iframe.
This gives you control.
- We mask input fields.
- We replace text with x characters.
- We check for names like password or email.
- We ignore these fields.
We use a MutationObserver to track changes. We send data using navigator.sendBeacon. This ensures data sends even if the page closes.
Some things are hard to record:
- Canvas and video use placeholders.
- Shadow DOM needs extra work.
- Cross origin iframes stay opaque.
A session replay is a DOM recorder. It is not a screen recorder. This lets you protect user data. Make safety the default. Developers do not have to worry about it.
Source: https://dev.to/zenovay/building-session-replay-that-masks-input-data-by-default-ia6