Data Privacy and Blocking Sensitive Data
The HCL Discover UI SDK client framework provides multiple security features to ensure that sensitive application and user data is safeguarded for transport or retained only in the client application.
Using controls that you can configure, you can define the specific set of data that is blocked or masked from transport to HCL Discover.
Sensitive data that was cleansed through the client framework never reaches HCL Discover, which ensures that your customer's interactions are secure.
Specifying Privacy Rules
HCL Discover enables the blocking of user input data by element ID, name, or xpath. Masks can be expressed as explicit strings, replacements for character types, or custom functions.
- The type of identifier.
- The targets to which the rule applies.
- The type of masking to apply to the targets.
Specifying the Identifier
The identifier for the target element.
This value is specified according to the idType value. In the configuration file, you
can use a regular expression to specify matching identifiers. For example, the
following target configuration matches all HTML identifiers that end with
_pii.
message: {
privacy: [
{
targets: [
{
id: { regex: ".+_pii$" },
idType: -1
},
],
"maskType": 3
}
]
}Specifying the maskType
The following table shows the different masking types and the output which would be achieved when masking the string HelloWorld123:
| Value | Description | Masked Example |
|---|---|---|
| 1 | Value is blocked and replaced by an empty string. | " " |
| 2 | Value is blocked with a fixed string of x. | xxxxx |
| 3 | Value is masked according to the following parameters:
|
XxxxxXxxxx999 |
| 4 | Custom function. | The replacement value returned by the custom function. |
Specifying the idType
The following idType's are supported:
| Value | Description |
|---|---|
| -1 | HTML ID. |
| -2 | xpath identifier. |
| -3 | HTML name or other element attribute identifier. |
Privacy Configuration Examples
Blocking all password input fields using a CSS selector.
message: {
privacy: [
{
targets: [
"input [type=password]"
],
maskType: 3
}
],
...
}Multiple maskTypes require separate targets.
message: {
privacy: [
{
targets: [
"input [type=password]"
],
maskType: 3
},
{
targets: [
{
id: "cvv"
idType: -1
}
],
maskType: 1
}
],
...
}The following code block shows how you can combine different types of elements identified by id, idType, and CSS selectors
message: {
privacy: [
{
targets: [
{
id: "cvv",
idType: -1
},
{
id:
{
regex: "^creditCard.*",
flags: "g"
},
idType: -1
},
"input[type=password]",
".privacyData"
],
maskType: 1
}
],
...
}Add screenview option to privacy patterns
Privacy patterns can now be applied to specific screenviews.
```javascript
privacyPatterns: [
{ pattern:
{ regex: /For/, flags: "g" }
,
replacement: '***', // Replace occurrences of "John" directly
screenview: ['/medicare', 'next']
}
]
```With this update, privacy rules will only affect the specified screenviews.
Shadow DOM Support for Dom Capture Options
Previously, domcapture options like removebase64, keepimports etc
were not applied to shadow DOM elements. This issue has been resolved, and now all
domcapture configurations will properly apply to shadow
DOMs.
Removebase64 config does not support fonts or images within CSS
Base64 fonts or images in CSS could cause issues such as POST entity
too large errors or DOM truncation. The
removebase64 option has been updated to handle base64-encoded
fonts and background images in CSS.