govuk_frontend_toolkit 7.4.2 → 7.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7898fa496cc37c7a25080a47fb956210dfc4f1292e3c11592f9f11d99560a23c
-  data.tar.gz: beed11c44d8b2b0edc9c8512d8e23bfbd3992c84f077f92706bb0d735c056166
+  metadata.gz: eff63e0599f9da09739df587ffd34308b7eb485e94d1cceb8a86c1d44f67ccbc
+  data.tar.gz: 9abe419f1eea6dc31ed054d7028cf2057a4d4a7e2e3969116c3510e1b39205ea
 SHA512:
-  metadata.gz: ee08d53b41087e42eb948a397f34384eefb3f168e1a7898633e5e7d669230e6b72197851ff622d9727e8809cd71c2187a135e031358e21a70c7debc48da48acd
-  data.tar.gz: 23f0bfc93d48f66458369638ea3b785987290399c88a4e2d692b66cdb43e029e3f0a764a7cc4b559b256eb1552d6bf89b527cbfa1f339ec4899d28d3a16c0a83
+  metadata.gz: d813921775ca00d88421a4b46102acae335295bf45f7655fc7b9ced2c1ebc212eb25c83e1932aa90453834392fff2fd791d50f200fef96c1b9a3f0d4f1edb859
+  data.tar.gz: 12516e2bfe55aa4d1eceafa8ea9a346020174570edbd83235fc3f2c5d4433095d79acdd4159724b8fa8b4c3bf94218fe00d29d8485fa124232e253a61937c534

data/app/assets/CHANGELOG.md

@@ -1,3 +1,7 @@
+# 7.5.0
+
+- Implement optional stripping of dates for arguments passed to GA: ([PR #459](https://github.com/alphagov/govuk_frontend_toolkit/pull/459))
+
 # 7.4.2
 
 - Remove the deprecation warning in javascripts/govuk/selection-buttons.js as it is coupled to a different project which is not always used with this gem.

data/app/assets/VERSION.txt

@@ -1 +1 @@
-7.4.2
+7.5.0

data/app/assets/docs/analytics.md

@@ -7,7 +7,7 @@ The toolkit provides an abstraction around analytics to make tracking pageviews,
 * a generic Analytics wrapper that allows multiple trackers to be configured
 * sensible defaults such as anonymising IPs
 * data coercion into the format required by Google Analytics (eg a custom dimension’s value must be a string)
-* stripping of PII from data sent to the tracker (strips email by default, can be configured to also strip UK postcodes)
+* stripping of PII from data sent to the tracker (strips email by default, can be configured to also strip dates and UK postcodes)
 
 ## Create an analytics tracker
 
@@ -223,7 +223,8 @@ Mailto Link Clicked | mailto:name@email.com | Link text
 The tracker will strip any PII it detects from all arguments sent to the
 tracker.  If a PII is detected in the arguments it is replaced with a
 placeholder value of `[<type of PII removed>]`; for example: `[email]` if an
-email address was removed, or `[postcode]` if a postcode was removed.
+email address was removed, `[date]` if a date was removed, or `[postcode]`
+if a postcode was removed.
 
 We have to parse all arguments which means that if you don't pass a path to
 `trackPageView` to track the current page we have to extract the current page
@@ -234,21 +235,22 @@ part of the URL anyway so this doesn't change the behaviour other than to make
 the path explicit.
 
 By default we strip email addresses, but it can also be configured to strip
-postcodes too.  Postcodes are off by default because they're more likely to
-cause false positives.  If you know you are likely to include postcodes in
-the data you send to the tracker you can configure to strip postcodes at
-initialize time as follows:
+dates and postcodes too.  Dates and postcodes are off by default because
+they're more likely to cause false positives.  If you know you are likely to
+include dates or postcodes in the data you send to the tracker you can configure
+to strip postcodes at initialize time as follows:
 
 ```js
   GOVUK.analytics = new GOVUK.Analytics({
     universalId: 'UA-XXXXXXXX-X',
     cookieDomain: cookieDomain,
+    stripDatePII: true,
     stripPostcodePII: true
   });
 ````
 
-Any value other than the JS literal `true` for `stripPostcodePII` will leave
-the analytics module configured not to strip postcodes.
+Any value other than the JS literal `true` will leave the analytics module
+configured not to strip.
 
 #### Avoding false positives
 
@@ -258,8 +260,8 @@ to every document can sometimes contain a string of characters that look like a
 UK postcode: in `eed5b92e-8279-4ca9-a141-5c35ed22fcf1` the substring `c35ed` in
 the final portion looks like a postcode, `C3 5ED`, and will be transformed into
 `eed5b92e-8279-4ca9-a141-5[postcode]22fcf1` which breaks the `content_id`.  To
-send data that you know is not PII, but it looks like an email address or a UK
-postcode you can provide your arguments wrapped in a `GOVUK.Analytics.PIISafe`
+send data that you know is not PII, but it looks like an email address, a date,
+or a UK postcode you can provide your arguments wrapped in a `GOVUK.Analytics.PIISafe`
 object.  If any argument to an analytics function is an instance of one of these
 objects the value contained within will be extracted and sent directly to the
 analytics tracker without attempting to strip PII from it.  For example:

data/app/assets/javascripts/govuk/analytics/analytics.js

@@ -4,11 +4,19 @@
   var GOVUK = global.GOVUK || {}
   var EMAIL_PATTERN = /[^\s=/?&]+(?:@|%40)[^\s=/?&]+/g
   var POSTCODE_PATTERN = /[A-PR-UWYZ][A-HJ-Z]?[0-9][0-9A-HJKMNPR-Y]?(?:[\s+]|%20)*[0-9][ABD-HJLNPQ-Z]{2}/gi
+  var DATE_PATTERN = /\d{4}(-?)\d{2}(-?)\d{2}/g
 
   // For usage and initialisation see:
   // https://github.com/alphagov/govuk_frontend_toolkit/blob/master/docs/analytics.md#create-an-analytics-tracker
 
   var Analytics = function (config) {
+    this.stripDatePII = false
+    if (typeof config.stripDatePII !== 'undefined') {
+      this.stripDatePII = (config.stripDatePII === true)
+      // remove the option so we don't pass it to other trackers - it's not
+      // their concern
+      delete config.stripDatePII
+    }
     this.stripPostcodePII = false
     if (typeof config.stripPostcodePII !== 'undefined') {
       this.stripPostcodePII = (config.stripPostcodePII === true)
@@ -47,12 +55,14 @@
   }
 
   Analytics.prototype.stripPIIFromString = function (string) {
-    var emailStripped = string.replace(EMAIL_PATTERN, '[email]')
+    var stripped = string.replace(EMAIL_PATTERN, '[email]')
+    if (this.stripDatePII === true) {
+      stripped = stripped.replace(DATE_PATTERN, '[date]')
+    }
     if (this.stripPostcodePII === true) {
-      return emailStripped.replace(POSTCODE_PATTERN, '[postcode]')
-    } else {
-      return emailStripped
+      stripped = stripped.replace(POSTCODE_PATTERN, '[postcode]')
     }
+    return stripped
   }
 
   Analytics.prototype.stripPIIFromObject = function (object) {

data/app/assets/spec/unit/analytics/analytics.spec.js

@@ -33,6 +33,21 @@ describe('GOVUK.Analytics', function () {
       expect(universalSetupArguments[2]).toEqual(['set', 'displayFeaturesTask', null])
     })
 
+    it('is configured not to strip date data from GA calls', function () {
+      expect(analytics.stripDatePII).toEqual(false)
+    })
+
+    it('can be told to strip date data from GA calls', function () {
+      analytics = new GOVUK.Analytics({
+        universalId: 'universal-id',
+        cookieDomain: '.www.gov.uk',
+        siteSpeedSampleRate: 100,
+        stripDatePII: true
+      })
+
+      expect(analytics.stripDatePII).toEqual(true)
+    })
+
     it('is configured not to strip postcode data from GA calls', function () {
       expect(analytics.stripPostcodePII).toEqual(false)
     })
@@ -150,6 +165,35 @@ describe('GOVUK.Analytics', function () {
       expect(window.ga.calls.mostRecent().args).toEqual(['set', 'dimension1', '[email]']) // set dimension ignores extra options
     })
 
+    it('leaves dates embedded in arguments by default', function () {
+      analytics.trackPageview('/path/to/an/embedded/2018-01-01/postcode/?with=an&postcode=2017-01-01', '20192217', { label: '12345678', value: ['data', 'data', 'someone has added their personal9999-9999 postcode'] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', 'pageview', { page: '/path/to/an/embedded/2018-01-01/postcode/?with=an&postcode=2017-01-01', title: '20192217', label: '12345678', value: ['data', 'data', 'someone has added their personal9999-9999 postcode'] }])
+
+      analytics.trackEvent('2017-01-01-category', '20192217-action', { label: '12345678', value: ['data', 'data', 'someone has added their personal9999-9999 postcode'] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', { hitType: 'event', eventCategory: '2017-01-01-category', eventAction: '20192217-action', eventLabel: '12345678' }]) // trackEvent ignores options other than label or integer values for value
+
+      analytics.setDimension(1, '2017-01-01-value', { label: '12345678', value: ['data', 'data', 'someone has added their personal9999-9999 postcode'] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['set', 'dimension1', '2017-01-01-value']) // set dimension ignores extra options
+    })
+
+    it('strips dates embedded in arguments if configured to do so', function () {
+      analytics = new GOVUK.Analytics({
+        universalId: 'universal-id',
+        cookieDomain: '.www.gov.uk',
+        siteSpeedSampleRate: 100,
+        stripDatePII: true
+      })
+
+      analytics.trackPageview('/path/to/an/embedded/2018-01-01/postcode/?with=an&postcode=2017-01-01', '20192217', { label: '12345678', value: ['data', 'data', 'someone has added their personal9999-9999 postcode'] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', 'pageview', { page: '/path/to/an/embedded/[date]/postcode/?with=an&postcode=[date]', title: '[date]', label: '[date]', value: ['data', 'data', 'someone has added their personal[date] postcode'] }])
+
+      analytics.trackEvent('2017-01-01-category', '20192217-action', { label: '12345678', value: ['data', 'data', 'someone has added their personal9999-9999 postcode'] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', { hitType: 'event', eventCategory: '[date]-category', eventAction: '[date]-action', eventLabel: '[date]' }]) // trackEvent ignores options other than label or integer values for value
+
+      analytics.setDimension(1, '2017-01-01-value', { label: '12345678', value: ['data', 'data', 'someone has added their personal9999-9999 postcode'] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['set', 'dimension1', '[date]-value']) // set dimension ignores extra options
+    })
+
     it('leaves postcodes embedded in arguments by default', function () {
       analytics.trackPageview('/path/to/an/embedded/SW1+1AA/postcode/?with=an&postcode=SP4%207DE', 'TD15 2SE', { label: 'RG209NJ', value: ['data', 'data', 'someone has added their personalIV63 6TU postcode'] })
       expect(window.ga.calls.mostRecent().args).toEqual(['send', 'pageview', { page: '/path/to/an/embedded/SW1+1AA/postcode/?with=an&postcode=SP4%207DE', title: 'TD15 2SE', label: 'RG209NJ', value: ['data', 'data', 'someone has added their personalIV63 6TU postcode'] }])
@@ -179,22 +223,23 @@ describe('GOVUK.Analytics', function () {
       expect(window.ga.calls.mostRecent().args).toEqual(['set', 'dimension1', '[postcode]-value']) // set dimension ignores extra options
     })
 
-    it('ignores any PIISafe arguments even if they look like emails or postcodes', function () {
+    it('ignores any PIISafe arguments even if they look like emails, dates, or postcodes', function () {
       analytics = new GOVUK.Analytics({
         universalId: 'universal-id',
         cookieDomain: '.www.gov.uk',
         siteSpeedSampleRate: 100,
+        stripDatePII: true,
         stripPostcodePII: true
       })
 
-      analytics.trackPageview(new GOVUK.Analytics.PIISafe('/path/to/an/embedded/SW1+1AA/postcode/?with=an&postcode=SP4%207DE'), new GOVUK.Analytics.PIISafe('an.email@example.com'), { label: new GOVUK.Analytics.PIISafe('another.email@example.com'), value: ['data', 'data', new GOVUK.Analytics.PIISafe('someone has added their personalIV63 6TU postcode')] })
-      expect(window.ga.calls.mostRecent().args).toEqual(['send', 'pageview', { page: '/path/to/an/embedded/SW1+1AA/postcode/?with=an&postcode=SP4%207DE', title: 'an.email@example.com', label: 'another.email@example.com', value: ['data', 'data', 'someone has added their personalIV63 6TU postcode'] }])
+      analytics.trackPageview(new GOVUK.Analytics.PIISafe('/path/to/an/embedded/SW1+1AA/postcode/?with=an&postcode=SP4%207DE'), new GOVUK.Analytics.PIISafe('an.email@example.com 2017-01-01'), { label: new GOVUK.Analytics.PIISafe('another.email@example.com'), value: ['data', 'data', new GOVUK.Analytics.PIISafe('someone has added their personalIV63 6TU postcode')] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', 'pageview', { page: '/path/to/an/embedded/SW1+1AA/postcode/?with=an&postcode=SP4%207DE', title: 'an.email@example.com 2017-01-01', label: 'another.email@example.com', value: ['data', 'data', 'someone has added their personalIV63 6TU postcode'] }])
 
-      analytics.trackEvent(new GOVUK.Analytics.PIISafe('SW1+1AA-category'), new GOVUK.Analytics.PIISafe('an.email@example.com-action'), { label: new GOVUK.Analytics.PIISafe('RG209NJ'), value: ['data', 'data', 'someone has added their personalIV63 6TU postcode'] })
-      expect(window.ga.calls.mostRecent().args).toEqual(['send', { hitType: 'event', eventCategory: 'SW1+1AA-category', eventAction: 'an.email@example.com-action', eventLabel: 'RG209NJ' }]) // trackEvent ignores options other than label or integer values for value
+      analytics.trackEvent(new GOVUK.Analytics.PIISafe('SW1+1AA-category'), new GOVUK.Analytics.PIISafe('an.email@example.com-action 2017-01-01'), { label: new GOVUK.Analytics.PIISafe('RG209NJ'), value: ['data', 'data', 'someone has added their personalIV63 6TU postcode'] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', { hitType: 'event', eventCategory: 'SW1+1AA-category', eventAction: 'an.email@example.com-action 2017-01-01', eventLabel: 'RG209NJ' }]) // trackEvent ignores options other than label or integer values for value
 
-      analytics.setDimension(1, new GOVUK.Analytics.PIISafe('an.email@SW1+1AA-value.com'), { label: new GOVUK.Analytics.PIISafe('RG209NJ'), value: ['data', 'data', new GOVUK.Analytics.PIISafe('someone has added their personalIV63 6TU postcode')] })
-      expect(window.ga.calls.mostRecent().args).toEqual(['set', 'dimension1', 'an.email@SW1+1AA-value.com']) // set dimension ignores extra options
+      analytics.setDimension(1, new GOVUK.Analytics.PIISafe('an.email@SW1+1AA-value.com 2017-01-01'), { label: new GOVUK.Analytics.PIISafe('RG209NJ'), value: ['data', 'data', new GOVUK.Analytics.PIISafe('someone has added their personalIV63 6TU postcode')] })
+      expect(window.ga.calls.mostRecent().args).toEqual(['set', 'dimension1', 'an.email@SW1+1AA-value.com 2017-01-01']) // set dimension ignores extra options
     })
   })
 
@@ -228,6 +273,49 @@ describe('GOVUK.Analytics', function () {
       }])
     })
 
+    it('leaves dates embedded in arguments by default', function () {
+      analytics.trackShare('email', {
+        to: '2017-01-01',
+        label: '20170101',
+        value: ['data', 'data', 'someone has added their personal29990303 postcode']
+      })
+
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', {
+        hitType: 'social',
+        socialNetwork: 'email',
+        socialAction: 'share',
+        socialTarget: jasmine.any(String),
+        to: '2017-01-01',
+        label: '20170101',
+        value: ['data', 'data', 'someone has added their personal29990303 postcode']
+      }])
+    })
+
+    it('strips dates embedded in arguments if configured to do so', function () {
+      analytics = new GOVUK.Analytics({
+        universalId: 'universal-id',
+        cookieDomain: '.www.gov.uk',
+        siteSpeedSampleRate: 100,
+        stripDatePII: true
+      })
+
+      analytics.trackShare('email', {
+        to: '2017-01-01',
+        label: '20170101',
+        value: ['data', 'data', 'someone has added their personal29990303 postcode']
+      })
+
+      expect(window.ga.calls.mostRecent().args).toEqual(['send', {
+        hitType: 'social',
+        socialNetwork: 'email',
+        socialAction: 'share',
+        socialTarget: jasmine.any(String),
+        to: '[date]',
+        label: '[date]',
+        value: ['data', 'data', 'someone has added their personal[date] postcode']
+      }])
+    })
+
     it('leaves postcodes embedded in arguments by default', function () {
       analytics.trackShare('email', {
         to: 'IV63 6TU',
@@ -271,7 +359,7 @@ describe('GOVUK.Analytics', function () {
       }])
     })
 
-    it('ignores any PIISafe arguments even if they look like emails or postcodes', function () {
+    it('ignores any PIISafe arguments even if they look like emails, dates, or postcodes', function () {
       analytics = new GOVUK.Analytics({
         universalId: 'universal-id',
         cookieDomain: '.www.gov.uk',
@@ -281,7 +369,7 @@ describe('GOVUK.Analytics', function () {
 
       analytics.trackShare('email', {
         to: new GOVUK.Analytics.PIISafe('IV63 6TU'),
-        label: new GOVUK.Analytics.PIISafe('an.email@example.com'),
+        label: new GOVUK.Analytics.PIISafe('an.email@example.com 2017-01-01'),
         value: new GOVUK.Analytics.PIISafe(['data', 'another.email@example.com', 'someone has added their personalTD15 2SE postcode'])
       })
 
@@ -291,7 +379,7 @@ describe('GOVUK.Analytics', function () {
         socialAction: 'share',
         socialTarget: jasmine.any(String),
         to: 'IV63 6TU',
-        label: 'an.email@example.com',
+        label: 'an.email@example.com 2017-01-01',
         value: ['data', 'another.email@example.com', 'someone has added their personalTD15 2SE postcode']
       }])
     })

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: govuk_frontend_toolkit
 version: !ruby/object:Gem::Version
-  version: 7.4.2
+  version: 7.5.0
 platform: ruby
 authors:
 - Government Digital Service
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-23 00:00:00.000000000 Z
+date: 2018-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties