@leanbase.com/js 0.1.1 → 0.1.3

package/src/utils/blocked-uas.ts

@@ -0,0 +1,162 @@
+export const DEFAULT_BLOCKED_UA_STRS = [
+    // Random assortment of bots
+    'amazonbot',
+    'amazonproductbot',
+    'app.hypefactors.com', // Buck, but "buck" is too short to be safe to block (https://app.hypefactors.com/media-monitoring/about.htm)
+    'applebot',
+    'archive.org_bot',
+    'awariobot',
+    'backlinksextendedbot',
+    'baiduspider',
+    'bingbot',
+    'bingpreview',
+    'chrome-lighthouse',
+    'dataforseobot',
+    'deepscan',
+    'duckduckbot',
+    'facebookexternal',
+    'facebookcatalog',
+    'http://yandex.com/bots',
+    'hubspot',
+    'ia_archiver',
+    'leikibot',
+    'linkedinbot',
+    'meta-externalagent',
+    'mj12bot',
+    'msnbot',
+    'nessus',
+    'petalbot',
+    'pinterest',
+    'prerender',
+    'rogerbot',
+    'screaming frog',
+    'sebot-wa',
+    'sitebulb',
+    'slackbot',
+    'slurp',
+    'trendictionbot',
+    'turnitin',
+    'twitterbot',
+    'vercel-screenshot',
+    'vercelbot',
+    'yahoo! slurp',
+    'yandexbot',
+    'zoombot',
+
+    // Bot-like words, maybe we should block `bot` entirely?
+    'bot.htm',
+    'bot.php',
+    '(bot;',
+    'bot/',
+    'crawler',
+
+    // Ahrefs: https://ahrefs.com/seo/glossary/ahrefsbot
+    'ahrefsbot',
+    'ahrefssiteaudit',
+
+    // Semrush bots: https://www.semrush.com/bot/
+    'semrushbot',
+    'siteauditbot',
+    'splitsignalbot',
+
+    // AI Crawlers
+    'gptbot',
+    'oai-searchbot',
+    'chatgpt-user',
+    'perplexitybot',
+
+    // Uptime-like stuff
+    'better uptime bot',
+    'sentryuptimebot',
+    'uptimerobot',
+
+    // headless browsers
+    'headlesschrome',
+    'cypress',
+    // we don't block electron here, as many customers use posthog-js in electron apps
+
+    // a whole bunch of goog-specific crawlers
+    // https://developers.google.com/search/docs/advanced/crawling/overview-google-crawlers
+    'google-hoteladsverifier',
+    'adsbot-google',
+    'apis-google',
+    'duplexweb-google',
+    'feedfetcher-google',
+    'google favicon',
+    'google web preview',
+    'google-read-aloud',
+    'googlebot',
+    'googleother',
+    'google-cloudvertexbot',
+    'googleweblight',
+    'mediapartners-google',
+    'storebot-google',
+    'google-inspectiontool',
+    'bytespider',
+]
+
+/**
+ * Block various web spiders from executing our JS and sending false capturing data
+ */
+export const isBlockedUA = function (ua: string, customBlockedUserAgents: string[]): boolean {
+    if (!ua) {
+        return false
+    }
+
+    const uaLower = ua.toLowerCase()
+    return DEFAULT_BLOCKED_UA_STRS.concat(customBlockedUserAgents || []).some((blockedUA) => {
+        const blockedUaLower = blockedUA.toLowerCase()
+
+        // can't use includes because IE 11 :/
+        return uaLower.indexOf(blockedUaLower) !== -1
+    })
+}
+
+// There's more in the type, but this is all we use. It's currently experimental, see
+// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/userAgentData
+// if you're reading this in the future, when it's no longer experimental, please remove this type and use an official one.
+// Be extremely defensive here to ensure backwards and *forwards* compatibility, and remove this defensiveness in the
+// future when it is safe to do so.
+export interface NavigatorUAData {
+    brands?: {
+        brand: string
+        version: string
+    }[]
+}
+declare global {
+    interface Navigator {
+        userAgentData?: NavigatorUAData
+    }
+}
+
+export const isLikelyBot = function (navigator: Navigator | undefined, customBlockedUserAgents: string[]): boolean {
+    if (!navigator) {
+        return false
+    }
+    const ua = navigator.userAgent
+    if (ua) {
+        if (isBlockedUA(ua, customBlockedUserAgents)) {
+            return true
+        }
+    }
+    try {
+        // eslint-disable-next-line compat/compat
+        const uaData = navigator?.userAgentData as NavigatorUAData
+        if (uaData?.brands && uaData.brands.some((brandObj) => isBlockedUA(brandObj?.brand, customBlockedUserAgents))) {
+            return true
+        }
+    } catch {
+        // ignore the error, we were using experimental browser features
+    }
+
+    return !!navigator.webdriver
+
+    // There's some more enhancements we could make in this area, e.g. it's possible to check if Chrome dev tools are
+    // open, which will detect some bots that are trying to mask themselves and might get past the checks above.
+    // However, this would give false positives for actual humans who have dev tools open.
+
+    // We could also use the data in navigator.userAgentData.getHighEntropyValues() to detect bots, but we should wait
+    // until this stops being experimental. The MDN docs imply that this might eventually require user permission.
+    // See https://developer.mozilla.org/en-US/docs/Web/API/NavigatorUAData/getHighEntropyValues
+    // It would be very bad if posthog-js caused a permission prompt to appear on every page load.
+}

package/src/utils/element-utils.ts

@@ -0,0 +1,50 @@
+import { TOOLBAR_CONTAINER_CLASS, TOOLBAR_ID } from '../constants'
+
+export function isElementInToolbar(el: EventTarget | null): boolean {
+    if (el instanceof Element) {
+        // closest isn't available in IE11, but we'll polyfill when bundling
+        return el.id === TOOLBAR_ID || !!el.closest?.('.' + TOOLBAR_CONTAINER_CLASS)
+    }
+    return false
+}
+
+/*
+ * Check whether an element has nodeType Node.ELEMENT_NODE
+ * @param {Element} el - element to check
+ * @returns {boolean} whether el is of the correct nodeType
+ */
+export function isElementNode(el: Node | Element | undefined | null): el is Element {
+    return !!el && el.nodeType === 1 // Node.ELEMENT_NODE - use integer constant for browser portability
+}
+
+/*
+ * Check whether an element is of a given tag type.
+ * Due to potential reference discrepancies (such as the webcomponents.js polyfill),
+ * we want to match tagNames instead of specific references because something like
+ * element === document.body won't always work because element might not be a native
+ * element.
+ * @param {Element} el - element to check
+ * @param {string} tag - tag name (e.g., "div")
+ * @returns {boolean} whether el is of the given tag type
+ */
+export function isTag(el: Element | undefined | null, tag: string): el is HTMLElement {
+    return !!el && !!el.tagName && el.tagName.toLowerCase() === tag.toLowerCase()
+}
+
+/*
+ * Check whether an element has nodeType Node.TEXT_NODE
+ * @param {Element} el - element to check
+ * @returns {boolean} whether el is of the correct nodeType
+ */
+export function isTextNode(el: Element | undefined | null): el is HTMLElement {
+    return !!el && el.nodeType === 3 // Node.TEXT_NODE - use integer constant for browser portability
+}
+
+/*
+ * Check whether an element has nodeType Node.DOCUMENT_FRAGMENT_NODE
+ * @param {Element} el - element to check
+ * @returns {boolean} whether el is of the correct nodeType
+ */
+export function isDocumentFragment(el: Element | ParentNode | undefined | null): el is DocumentFragment {
+    return !!el && el.nodeType === 11 // Node.DOCUMENT_FRAGMENT_NODE - use integer constant for browser portability
+}

package/src/utils/event-utils.ts

@@ -0,0 +1,304 @@
+import { convertToURL, getQueryParam, maskQueryParams } from './request-utils'
+import { isNull, stripLeadingDollar } from '@posthog/core'
+import { each, extend, extendArray, stripEmptyProperties } from './index'
+import { document, location, userAgent, window } from './'
+import { detectBrowser, detectBrowserVersion, detectDevice, detectDeviceType, detectOS } from './user-agent-utils'
+import { cookieStore } from '../storage'
+import Config from '../config'
+import { Properties } from '../types'
+
+const URL_REGEX_PREFIX = 'https?://(.*)'
+
+// CAMPAIGN_PARAMS and EVENT_TO_PERSON_PROPERTIES should be kept in sync with
+// https://github.com/PostHog/posthog/blob/master/plugin-server/src/utils/db/utils.ts#L60
+
+// The list of campaign parameters that could be considered personal data under e.g. GDPR.
+// These can be masked in URLs and properties before being sent to posthog.
+export const PERSONAL_DATA_CAMPAIGN_PARAMS = [
+    'gclid', // google ads
+    'gclsrc', // google ads 360
+    'dclid', // google display ads
+    'gbraid', // google ads, web to app
+    'wbraid', // google ads, app to web
+    'fbclid', // facebook
+    'msclkid', // microsoft
+    'twclid', // twitter
+    'li_fat_id', // linkedin
+    'igshid', // instagram
+    'ttclid', // tiktok
+    'rdt_cid', // reddit
+    'epik', // pinterest
+    'qclid', // quora
+    'sccid', // snapchat
+    'irclid', // impact
+    '_kx', // klaviyo
+]
+
+export const CAMPAIGN_PARAMS = extendArray(
+    [
+        'utm_source',
+        'utm_medium',
+        'utm_campaign',
+        'utm_content',
+        'utm_term',
+        'gad_source', // google ads source
+        'mc_cid', // mailchimp campaign id
+    ],
+    PERSONAL_DATA_CAMPAIGN_PARAMS
+)
+
+export const EVENT_TO_PERSON_PROPERTIES = [
+    // mobile params
+    '$app_build',
+    '$app_name',
+    '$app_namespace',
+    '$app_version',
+    // web params
+    '$browser',
+    '$browser_version',
+    '$device_type',
+    '$current_url',
+    '$pathname',
+    '$os',
+    '$os_name', // $os_name is a special case, it's treated as an alias of $os!
+    '$os_version',
+    '$referring_domain',
+    '$referrer',
+    '$screen_height',
+    '$screen_width',
+    '$viewport_height',
+    '$viewport_width',
+    '$raw_user_agent',
+]
+
+export const MASKED = '<masked>'
+
+// Campaign params that can be read from the cookie store
+export const COOKIE_CAMPAIGN_PARAMS = [
+    'li_fat_id', // linkedin
+]
+
+export function getCampaignParams(
+    customTrackedParams?: string[],
+    maskPersonalDataProperties?: boolean,
+    customPersonalDataProperties?: string[] | undefined
+): Record<string, string> {
+    if (!document) {
+        return {}
+    }
+
+    const paramsToMask = maskPersonalDataProperties
+        ? extendArray([], PERSONAL_DATA_CAMPAIGN_PARAMS, customPersonalDataProperties || [])
+        : []
+
+    // Initially get campaign params from the URL
+    const urlCampaignParams = _getCampaignParamsFromUrl(
+        maskQueryParams(document.URL, paramsToMask, MASKED),
+        customTrackedParams
+    )
+
+    // But we can also get some of them from the cookie store
+    // For example: https://learn.microsoft.com/en-us/linkedin/marketing/conversions/enabling-first-party-cookies?view=li-lms-2025-05#reading-li_fat_id-from-cookies
+    const cookieCampaignParams = _getCampaignParamsFromCookie()
+
+    // Prefer the values found in the urlCampaignParams if possible
+    // `extend` will override the values if found in the second argument
+    return extend(cookieCampaignParams, urlCampaignParams)
+}
+
+function _getCampaignParamsFromUrl(url: string, customParams?: string[]): Record<string, string> {
+    const campaign_keywords = CAMPAIGN_PARAMS.concat(customParams || [])
+
+    const params: Record<string, any> = {}
+    each(campaign_keywords, function (kwkey) {
+        const kw = getQueryParam(url, kwkey)
+        params[kwkey] = kw ? kw : null
+    })
+
+    return params
+}
+
+function _getCampaignParamsFromCookie(): Record<string, string> {
+    const params: Record<string, any> = {}
+    each(COOKIE_CAMPAIGN_PARAMS, function (kwkey) {
+        const kw = cookieStore._get(kwkey)
+        params[kwkey] = kw ? kw : null
+    })
+
+    return params
+}
+
+function _getSearchEngine(referrer: string): string | null {
+    if (!referrer) {
+        return null
+    } else {
+        if (referrer.search(URL_REGEX_PREFIX + 'google.([^/?]*)') === 0) {
+            return 'google'
+        } else if (referrer.search(URL_REGEX_PREFIX + 'bing.com') === 0) {
+            return 'bing'
+        } else if (referrer.search(URL_REGEX_PREFIX + 'yahoo.com') === 0) {
+            return 'yahoo'
+        } else if (referrer.search(URL_REGEX_PREFIX + 'duckduckgo.com') === 0) {
+            return 'duckduckgo'
+        } else {
+            return null
+        }
+    }
+}
+
+function _getSearchInfoFromReferrer(referrer: string): Record<string, any> {
+    const search = _getSearchEngine(referrer)
+    const param = search != 'yahoo' ? 'q' : 'p'
+    const ret: Record<string, any> = {}
+
+    if (!isNull(search)) {
+        ret['$search_engine'] = search
+
+        const keyword = document ? getQueryParam(document.referrer, param) : ''
+        if (keyword.length) {
+            ret['ph_keyword'] = keyword
+        }
+    }
+
+    return ret
+}
+
+export function getSearchInfo(): Record<string, any> {
+    const referrer = document?.referrer
+    if (!referrer) {
+        return {}
+    }
+    return _getSearchInfoFromReferrer(referrer)
+}
+
+export function getBrowserLanguage(): string | undefined {
+    return (
+        navigator.language || // Any modern browser
+        (navigator as Record<string, any>).userLanguage // IE11
+    )
+}
+
+export function getBrowserLanguagePrefix(): string | undefined {
+    const lang = getBrowserLanguage()
+    return typeof lang === 'string' ? lang.split('-')[0] : undefined
+}
+
+export function getReferrer(): string {
+    return document?.referrer || '$direct'
+}
+
+export function getReferringDomain(): string {
+    if (!document?.referrer) {
+        return '$direct'
+    }
+    return convertToURL(document.referrer)?.host || '$direct'
+}
+
+export function getReferrerInfo(): Record<string, any> {
+    return {
+        $referrer: getReferrer(),
+        $referring_domain: getReferringDomain(),
+    }
+}
+
+export function getPersonInfo(maskPersonalDataProperties?: boolean, customPersonalDataProperties?: string[]) {
+    const paramsToMask = maskPersonalDataProperties
+        ? extendArray([], PERSONAL_DATA_CAMPAIGN_PARAMS, customPersonalDataProperties || [])
+        : []
+    const url = location?.href.substring(0, 1000)
+    // we're being a bit more economical with bytes here because this is stored in the cookie
+    return {
+        r: getReferrer().substring(0, 1000),
+        u: url ? maskQueryParams(url, paramsToMask, MASKED) : undefined,
+    }
+}
+
+export function getPersonPropsFromInfo(info: Record<string, any>): Record<string, any> {
+    const { r: referrer, u: url } = info
+    const referring_domain =
+        referrer == null ? undefined : referrer == '$direct' ? '$direct' : convertToURL(referrer)?.host
+
+    const props: Record<string, string | undefined> = {
+        $referrer: referrer,
+        $referring_domain: referring_domain,
+    }
+    if (url) {
+        props['$current_url'] = url
+        const location = convertToURL(url)
+        props['$host'] = location?.host
+        props['$pathname'] = location?.pathname
+        const campaignParams = _getCampaignParamsFromUrl(url)
+        extend(props, campaignParams)
+    }
+    if (referrer) {
+        const searchInfo = _getSearchInfoFromReferrer(referrer)
+        extend(props, searchInfo)
+    }
+    return props
+}
+
+export function getInitialPersonPropsFromInfo(info: Record<string, any>): Record<string, any> {
+    const personProps = getPersonPropsFromInfo(info)
+    const props: Record<string, any> = {}
+    each(personProps, function (val: any, key: string) {
+        props[`$initial_${stripLeadingDollar(key)}`] = val
+    })
+    return props
+}
+
+export function getTimezone(): string | undefined {
+    try {
+        return Intl.DateTimeFormat().resolvedOptions().timeZone
+    } catch {
+        return undefined
+    }
+}
+
+export function getTimezoneOffset(): number | undefined {
+    try {
+        return new Date().getTimezoneOffset()
+    } catch {
+        return undefined
+    }
+}
+
+export function getEventProperties(
+    maskPersonalDataProperties?: boolean,
+    customPersonalDataProperties?: string[]
+): Properties {
+    if (!userAgent) {
+        return {}
+    }
+    const paramsToMask = maskPersonalDataProperties
+        ? extendArray([], PERSONAL_DATA_CAMPAIGN_PARAMS, customPersonalDataProperties || [])
+        : []
+    const [os_name, os_version] = detectOS(userAgent)
+    return extend(
+        stripEmptyProperties({
+            $os: os_name,
+            $os_version: os_version,
+            $browser: detectBrowser(userAgent, navigator.vendor),
+            $device: detectDevice(userAgent),
+            $device_type: detectDeviceType(userAgent),
+            $timezone: getTimezone(),
+            $timezone_offset: getTimezoneOffset(),
+        }),
+        {
+            $current_url: maskQueryParams(location?.href, paramsToMask, MASKED),
+            $host: location?.host,
+            $pathname: location?.pathname,
+            $raw_user_agent: userAgent.length > 1000 ? userAgent.substring(0, 997) + '...' : userAgent,
+            $browser_version: detectBrowserVersion(userAgent, navigator.vendor),
+            $browser_language: getBrowserLanguage(),
+            $browser_language_prefix: getBrowserLanguagePrefix(),
+            $screen_height: window?.screen.height,
+            $screen_width: window?.screen.width,
+            $viewport_height: window?.innerHeight,
+            $viewport_width: window?.innerWidth,
+            $lib: 'web',
+            $lib_version: Config.LIB_VERSION,
+            $insert_id: Math.random().toString(36).substring(2, 10) + Math.random().toString(36).substring(2, 10),
+            $time: Date.now() / 1000, // epoch time in seconds
+        }
+    )
+}