Redact sensitive data

Redact Sensitive Data (with Custom HTML Attribute and Regex Patterns)

BetterBugs.io enables you to prevent sensitive information from being captured or shared while creating bug reports with screenshots, screen recordings, or Rewind sessions.

You can configure BetterBugs.io to do this in multiple ways. You have the following options:

  • Custom HTML Attribute for Blurring Information — Adding data-betterbugs="ignore" to an HTML element on your web page blurs out that element in screenshots, screen recordings, and Rewind sessions.

  • Redact Data with Regex Patterns — Default or custom regex patterns are applied globally to the technical information captured while creating a bug report, to identify the defined key/value pairs. The corresponding values are then redacted and replaced with “[*** REDACTED BY BETTERBUGS FOR PRIVACY ***]” in your bug reports.

Custom HTML Attribute for Blurring Information

Before creating a report, add the data-betterbugs="ignore" HTML attribute to the elements on your application's web page(s) that you want to exclude from capture.

The attribute blurs out those DOM elements, which prevents them from being recorded.

Using the data-betterbugs="ignore" HTML attribute in your source code

To use the feature, add the attribute in your HTML source code to the element(s) that should be ignored during screenshots, screen recordings, or Rewind sessions.

Here’s what it looks like:

Adding HTML Attribute to Your Web Page(s)

You're good to go.

Redact Data with Regex Patterns

You can easily add regular expressions (REGEX) to BetterBugs.io for it to redact/remove sensitive data or prevent information from getting captured.

How It Works

Once you add a regex (from the extension’s “⚙️Settings” option), each time you create a report BetterBugs.io stringifies the session object that holds the technical details captured during the screenshot, screen recording, or Rewind session, and processes it with the saved regex patterns before the report uploads.

This prevents the pre-defined sensitive information, such as authentication headers, access tokens, emails, passwords, card numbers, CVV, and API keys, from being accidentally shared along with the bug reports.

The system avoids overwriting critical fields like titles, descriptions, or metadata unless specified by the regex patterns. Besides this, BetterBugs.io shows a preview of the data after redaction, allowing you to verify and adjust regex patterns as needed.

For instance, if a captured network request in your bug report contains a sensitive user email ID, BetterBugs.io redacts it automatically with the pre-applied regex pattern before the report is shared.

This means that instead of the actual email ID as the value of the key/value pair in the request/response/payload object, BetterBugs.io puts “[*** REDACTED BY BETTERBUGS FOR PRIVACY ***]” as the value in the result object.

EXAMPLE

Original JSON Object before capturing:

{
   "updated_at":"2025-03-12T05:52:49.101Z",
   "email":"example@gmail.com",
   "email_verified":true,
   "sub":"auth0|67d121311d653da533819a74"
}

Redacted JSON result with the pre-applied REGEX after capturing:

{
   "updated_at":"2025-03-12T05:52:49.101Z",
   "email":"[*** REDACTED BY BETTERBUGS FOR PRIVACY ***]",
   "email_verified":true,
   "sub":"auth0|67d121311d653da533819a74"
}

Use Cases: Redact Data with Regex

Here’s how it’s commonly used:

  • Data Privacy Management — You can define multiple regex patterns in the settings to redact sensitive data before uploading. BetterBugs.io comes with predefined regex patterns for common sensitive data types like authentication headers, access tokens, emails, passwords, card numbers, CVV, and API keys. You can view unredacted data before uploading and verify redaction after uploading sensitive data.

  • Customizable Redaction — You can modify the regex patterns to fit your application's specific requirements. Redaction is applied only to sensitive data, and other intentionally added data remains unaltered.

Pre-added regex patterns that come with BetterBugs.io

By default, BetterBugs.io comes bundled with several pre-added regex patterns that you might commonly use. This helps you get started with using the redaction feature right off the bat.

To access the pre-added regex patterns:

1. Open Extension: Open the BetterBugs.io extension from the Chrome browser.

2. Click Settings: From the extension UI, click on the "⚙️Settings" icon.

3. Go to the Regex Values Section: Scroll down to the “Add regex values” section.

Here, you’ll find all the pre-defined regex patterns that come as a default when you download BetterBugs.io

Steps to Add Custom Regex Patterns

Adding custom regex patterns is super easy. Here’s how to do it:

1. Open Settings from the Extension: Open the BetterBugs.io extension and click the Settings gear icon ⚙️.

2. Go to the Regex Values Section: Scroll down to the “Add regex values” section.

3. Enter Regex Name and Value: Enter the desired “Regex Name” and its “Regex Value”.

4. Save: Hit the "Add" button to save it.

You're good to go.

List of Data Points Redacted by Default (pre-defined by BetterBugs.io)

Password

Regex

/(?<=["`']?(?:password|passwd|pwd)["`']?\s*[:=]\s*["`'])([^"`']+)(?=["`'])/gi

This regex looks for the keywords password, passwd, or pwd, optionally enclosed in quotes (", ', or `), followed by an assignment operator (= or :), and captures the text representing the password inside quotes.

API Key

Regex

/(?:api[_-]?key|access[_-]?token|client[_-]?secret)[:=]\s*(['"]?)([a-zA-Z0-9_\-\.]{16,64})\1/gi

This regex matches API keys or similar tokens assigned to terms like api_key, access_token, or client_secret. The key must be alphanumeric, optionally include _, -, or ., and be 16–64 characters long.

Credit Card

Regex

/\b(?!0{16})(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})(?:[\s-]?\d{4})?/g

Matches valid credit card numbers from providers like Visa, Mastercard, Amex, Discover, etc., while excluding invalid numbers (e.g., 0000000000000000). It recognizes formats with spaces or dashes.

CVV

Regex

/(?<=(?:["']?(?:cvv2?|cvc2?|cid)["']?\s*[:=]\s*["']?))(?!000|999)\d{3,4}(?=["']?)/gi

Identifies 3–4 digit CVV codes assigned to terms like cvv, cvc, or cid, ensuring the code isn’t 000 or 999.

Email

Regex

/[a-zA-Z0-9._%+-]+(?:%40|@)[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z]{2,})+/gi

Matches standard email addresses, allowing for +, %, or dots in local parts of the address.

Authorization Header

Regex

/(?:Authorization["'\s:]+|Bearer\s+)(eyJ[A-Za-z0-9\-_\.]+\.eyJ[A-Za-z0-9\-_\.]+\.[A-Za-z0-9\-_\.]+)/gi

Captures Bearer tokens from Authorization headers. These tokens must follow the JSON Web Token (JWT) structure with three dot-separated Base64-encoded segments.

JWT Token

Regex

/(eyJ[A-Za-z0-9\-_\.]+\.eyJ[A-Za-z0-9\-_\.]+\.[A-Za-z0-9\-_\.]+)/g

Matches JSON Web Tokens (JWT), which have three segments separated by dots. Each segment is Base64-encoded.

Client ID

Regex

/(?<=(?:["']?(?:client_?id|clientId|client-id)["']?\s*[:=]\s*["']))([A-Za-z0-9_-]{32,})(?=["'])/gi

Extracts client_id values that are 32+ alphanumeric characters long, assigned to terms like client_id or clientId.

IPv6

Regex

/\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g

Matches valid IPv6 addresses, which are represented in hexadecimal and separated by colons.

IPv4

Regex

/(?<!["']?(?:version|ver|browserVersion|browserversion|browser_version|Chrome|chrome|Firefox|firefox|Safari|safari|Edge|edge|Opera|opera|Chrome\/|chrome\/|Firefox\/|firefox\/|Safari\/|safari\/|Edge\/|edge\/|Opera\/|opera\/)["']?\s*[/:=]\s*["']?)\b(?:\d{1,3}\.){3}\d{1,3}\b/g

Matches valid IPv4 addresses, ensuring they are not browser version strings (e.g., Chrome/98.0.0.0).
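Added example, not BetterBugs.io code: a Node.js check that runs four of the default patterns above over a constructed capture and lists the known secrets that are still readable afterwards, the kind of check worth running before relying on a default or custom pattern. It assumes each whole match is replaced with the placeholder; the redact and leaks helpers and all sample values are made up for this check.

```javascript
// Added example: offline check of redaction patterns (not BetterBugs.io code).
const PLACEHOLDER = "[*** REDACTED BY BETTERBUGS FOR PRIVACY ***]";

// Four of the default patterns, copied verbatim from the list on this page.
const PATTERNS = {
  password: /(?<=["`']?(?:password|passwd|pwd)["`']?\s*[:=]\s*["`'])([^"`']+)(?=["`'])/gi,
  creditCard: /\b(?!0{16})(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})(?:[\s-]?\d{4})?/g,
  email: /[a-zA-Z0-9._%+-]+(?:%40|@)[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z]{2,})+/gi,
  ipv6: /\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
};

// Assumption: each whole match is swapped for the placeholder, pattern by pattern.
function redact(obj, patterns = PATTERNS) {
  let text = JSON.stringify(obj);
  for (const re of Object.values(patterns)) {
    text = text.replace(re, PLACEHOLDER);
  }
  return text;
}

// Names of the known secrets that are still readable after redaction.
function leaks(obj, secrets, patterns = PATTERNS) {
  const text = redact(obj, patterns);
  JSON.parse(text); // throws if a pattern damaged the JSON structure
  return Object.keys(secrets).filter((name) => text.includes(secrets[name]));
}

// Constructed sample capture; every value below is made up for this check.
const secrets = {
  email: "example@gmail.com",
  password: "S3cret-Pass",
  nestedPassword: "Nested-Pass-42",
  card: "4111111111111111",
  spacedCard: "4111 1111 1111 1111", // leading digits are not contiguous
  ipv6Full: "2001:0db8:0000:0000:0000:0000:0000:0001",
  ipv6Short: "2001:db8::1", // compressed form, fewer than eight groups
};
const capture = {
  user: { email: secrets.email, password: secrets.password },
  // A request body kept as a string: its quotes are escaped when stringified.
  requestBody: JSON.stringify({ password: secrets.nestedPassword }),
  payment: { card: secrets.card, cardAsTyped: secrets.spacedCard },
  client: { ip: secrets.ipv6Full, peer: secrets.ipv6Short },
};

console.log("still readable:", leaks(capture, secrets));
```

Values reported as still readable are candidates for a custom pattern added through the “Add regex values” section.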
