mixpanel-browser 2.39.0 → 2.42.0

package/src/request-queue.js

@@ -95,6 +95,7 @@ RequestQueue.prototype.fillBatch = function(batchSize) {
             for (var i = 0; i < storedQueue.length; i++) {
                 var item = storedQueue[i];
                 if (new Date().getTime() > item['flushAfter'] && !idsInBatch[item['id']]) {
+                    item.orphaned = true;
                     batch.push(item);
                     if (batch.length >= batchSize) {
                         break;
@@ -151,6 +152,52 @@ RequestQueue.prototype.removeItemsByID = function(ids, cb) {
     }, this.pid);
 };
 
+// internal helper for RequestQueue.updatePayloads
+var updatePayloads = function(existingItems, itemsToUpdate) {
+    var newItems = [];
+    _.each(existingItems, function(item) {
+        var id = item['id'];
+        if (id in itemsToUpdate) {
+            var newPayload = itemsToUpdate[id];
+            if (newPayload !== null) {
+                item['payload'] = newPayload;
+                newItems.push(item);
+            }
+        } else {
+            // no update
+            newItems.push(item);
+        }
+    });
+    return newItems;
+};
+
+/**
+ * Update payloads of given items in both in-memory queue and
+ * persisted queue. Items set to null are removed from queues.
+ */
+RequestQueue.prototype.updatePayloads = function(itemsToUpdate, cb) {
+    this.memQueue = updatePayloads(this.memQueue, itemsToUpdate);
+    this.lock.withLock(_.bind(function lockAcquired() {
+        var succeeded;
+        try {
+            var storedQueue = this.readFromStorage();
+            storedQueue = updatePayloads(storedQueue, itemsToUpdate);
+            succeeded = this.saveToStorage(storedQueue);
+        } catch(err) {
+            logger.error('Error updating items', itemsToUpdate);
+            succeeded = false;
+        }
+        if (cb) {
+            cb(succeeded);
+        }
+    }, this), function lockFailure(err) {
+        logger.error('Error acquiring storage lock', err);
+        if (cb) {
+            cb(false);
+        }
+    }, this.pid);
+};
+
 /**
  * Read and parse items array from localStorage entry, handling
  * malformed/missing data if necessary.

package/src/utils.js

@@ -67,6 +67,19 @@ var console = {
         }
     },
     /** @type {function(...*)} */
+    warn: function() {
+        if (Config.DEBUG && !_.isUndefined(windowConsole) && windowConsole) {
+            var args = ['Mixpanel warning:'].concat(_.toArray(arguments));
+            try {
+                windowConsole.warn.apply(windowConsole, args);
+            } catch (err) {
+                _.each(args, function(arg) {
+                    windowConsole.warn(arg);
+                });
+            }
+        }
+    },
+    /** @type {function(...*)} */
     error: function() {
         if (Config.DEBUG && !_.isUndefined(windowConsole) && windowConsole) {
             var args = ['Mixpanel error:'].concat(_.toArray(arguments));
@@ -232,13 +245,13 @@ _.toArray = function(iterable) {
     return _.values(iterable);
 };
 
-_.map = function(arr, callback) {
+_.map = function(arr, callback, context) {
     if (nativeMap && arr.map === nativeMap) {
-        return arr.map(callback);
+        return arr.map(callback, context);
     } else {
         var results = [];
         _.each(arr, function(item) {
-            results.push(callback(item));
+            results.push(callback.call(context, item));
         });
         return results;
     }
@@ -266,10 +279,6 @@ _.values = function(obj) {
     return results;
 };
 
-_.identity = function(value) {
-    return value;
-};
-
 _.include = function(obj, target) {
     var found = false;
     if (obj === null) {
@@ -932,9 +941,37 @@ _.UUID = (function() {
 // _.isBlockedUA()
 // This is to block various web spiders from executing our JS and
 // sending false tracking data
+var BLOCKED_UA_STRS = [
+    'baiduspider',
+    'bingbot',
+    'bingpreview',
+    'facebookexternal',
+    'pinterest',
+    'screaming frog',
+    'yahoo! slurp',
+    'yandexbot',
+
+    // a whole bunch of goog-specific crawlers
+    // https://developers.google.com/search/docs/advanced/crawling/overview-google-crawlers
+    'adsbot-google',
+    'apis-google',
+    'duplexweb-google',
+    'feedfetcher-google',
+    'google favicon',
+    'google web preview',
+    'google-read-aloud',
+    'googlebot',
+    'googleweblight',
+    'mediapartners-google',
+    'storebot-google'
+];
 _.isBlockedUA = function(ua) {
-    if (/(google web preview|baiduspider|yandexbot|bingbot|googlebot|yahoo! slurp)/i.test(ua)) {
-        return true;
+    var i;
+    ua = ua.toLowerCase();
+    for (i = 0; i < BLOCKED_UA_STRS.length; i++) {
+        if (ua.indexOf(BLOCKED_UA_STRS[i]) !== -1) {
+            return true;
+        }
     }
     return false;
 };
@@ -979,10 +1016,6 @@ _.getQueryParam = function(url, param) {
     }
 };
 
-_.getHashParam = function(hash, param) {
-    var matches = hash.match(new RegExp(param + '=([^&]*)'));
-    return matches ? matches[1] : null;
-};
 
 // _.cookie
 // Methods partially borrowed from quirksmode.org/js/cookies.html
@@ -1649,28 +1682,6 @@ var cheap_guid = function(maxlen) {
     return maxlen ? guid.substring(0, maxlen) : guid;
 };
 
-/**
- * Check deterministically whether to include or exclude from a feature rollout/test based on the
- * given string and the desired percentage to include.
- * @param {String} str - string to run the check against (for instance a project's token)
- * @param {String} feature - name of feature (for inclusion in hash, to ensure different results
- * for different features)
- * @param {Number} percent_allowed - percentage chance that a given string will be included
- * @returns {Boolean} whether the given string should be included
- */
-var determine_eligibility = _.safewrap(function(str, feature, percent_allowed) {
-    str = str + feature;
-
-    // Bernstein's hash: http://www.cse.yorku.ca/~oz/hash.html#djb2
-    var hash = 5381;
-    for (var i = 0; i < str.length; i++) {
-        hash = ((hash << 5) + hash) + str.charCodeAt(i);
-        hash = hash & hash;
-    }
-    var dart = (hash >>> 0) % 100;
-    return dart < percent_allowed;
-});
-
 // naive way to extract domain name (example.com) from full hostname (my.sub.example.com)
 var SIMPLE_DOMAIN_MATCH_REGEX = /[a-z0-9][a-z0-9-]*\.[a-z]+$/i;
 // this next one attempts to account for some ccSLDs, e.g. extracting oxford.ac.uk from www.oxford.ac.uk
@@ -1729,9 +1740,9 @@ export {
     navigator,
     cheap_guid,
     console_with_prefix,
-    determine_eligibility,
     extract_domain,
     localStorageSupported,
     JSONStringify,
-    JSONParse
+    JSONParse,
+    slice
 };

package/.travis.yml

@@ -1,8 +0,0 @@
-node_js:
-- '10'
-- '12'
-language: node_js
-script:
-- npm test
-branches:
-  only: master

package/src/autotrack-utils.js

@@ -1,192 +0,0 @@
-import { _ } from './utils';
-
-/*
- * Get the className of an element, accounting for edge cases where element.className is an object
- * @param {Element} el - element to get the className of
- * @returns {string} the element's class
- */
-export function getClassName(el) {
-    switch(typeof el.className) {
-        case 'string':
-            return el.className;
-        case 'object': // handle cases where className might be SVGAnimatedString or some other type
-            return el.className.baseVal || el.getAttribute('class') || '';
-        default: // future proof
-            return '';
-    }
-}
-
-/*
- * Get the direct text content of an element, protecting against sensitive data collection.
- * Concats textContent of each of the element's text node children; this avoids potential
- * collection of sensitive data that could happen if we used element.textContent and the
- * element had sensitive child elements, since element.textContent includes child content.
- * Scrubs values that look like they could be sensitive (i.e. cc or ssn number).
- * @param {Element} el - element to get the text of
- * @returns {string} the element's direct text content
- */
-export function getSafeText(el) {
-    var elText = '';
-
-    if (shouldTrackElement(el) && el.childNodes && el.childNodes.length) {
-        _.each(el.childNodes, function(child) {
-            if (isTextNode(child) && child.textContent) {
-                elText += _.trim(child.textContent)
-                    // scrub potentially sensitive values
-                    .split(/(\s+)/).filter(shouldTrackValue).join('')
-                    // normalize whitespace
-                    .replace(/[\r\n]/g, ' ').replace(/[ ]+/g, ' ')
-                    // truncate
-                    .substring(0, 255);
-            }
-        });
-    }
-
-    return _.trim(elText);
-}
-
-/*
- * Check whether an element has nodeType Node.ELEMENT_NODE
- * @param {Element} el - element to check
- * @returns {boolean} whether el is of the correct nodeType
- */
-export function isElementNode(el) {
-    return el && el.nodeType === 1; // Node.ELEMENT_NODE - use integer constant for browser portability
-}
-
-/*
- * Check whether an element is of a given tag type.
- * Due to potential reference discrepancies (such as the webcomponents.js polyfill),
- * we want to match tagNames instead of specific references because something like
- * element === document.body won't always work because element might not be a native
- * element.
- * @param {Element} el - element to check
- * @param {string} tag - tag name (e.g., "div")
- * @returns {boolean} whether el is of the given tag type
- */
-export function isTag(el, tag) {
-    return el && el.tagName && el.tagName.toLowerCase() === tag.toLowerCase();
-}
-
-/*
- * Check whether an element has nodeType Node.TEXT_NODE
- * @param {Element} el - element to check
- * @returns {boolean} whether el is of the correct nodeType
- */
-export function isTextNode(el) {
-    return el && el.nodeType === 3; // Node.TEXT_NODE - use integer constant for browser portability
-}
-
-/*
- * Check whether a DOM event should be "tracked" or if it may contain sentitive data
- * using a variety of heuristics.
- * @param {Element} el - element to check
- * @param {Event} event - event to check
- * @returns {boolean} whether the event should be tracked
- */
-export function shouldTrackDomEvent(el, event) {
-    if (!el || isTag(el, 'html') || !isElementNode(el)) {
-        return false;
-    }
-    var tag = el.tagName.toLowerCase();
-    switch (tag) {
-        case 'html':
-            return false;
-        case 'form':
-            return event.type === 'submit';
-        case 'input':
-            if (['button', 'submit'].indexOf(el.getAttribute('type')) === -1) {
-                return event.type === 'change';
-            } else {
-                return event.type === 'click';
-            }
-        case 'select':
-        case 'textarea':
-            return event.type === 'change';
-        default:
-            return event.type === 'click';
-    }
-}
-
-/*
- * Check whether a DOM element should be "tracked" or if it may contain sentitive data
- * using a variety of heuristics.
- * @param {Element} el - element to check
- * @returns {boolean} whether the element should be tracked
- */
-export function shouldTrackElement(el) {
-    for (var curEl = el; curEl.parentNode && !isTag(curEl, 'body'); curEl = curEl.parentNode) {
-        var classes = getClassName(curEl).split(' ');
-        if (_.includes(classes, 'mp-sensitive') || _.includes(classes, 'mp-no-track')) {
-            return false;
-        }
-    }
-
-    if (_.includes(getClassName(el).split(' '), 'mp-include')) {
-        return true;
-    }
-
-    // don't send data from inputs or similar elements since there will always be
-    // a risk of clientside javascript placing sensitive data in attributes
-    if (
-        isTag(el, 'input') ||
-        isTag(el, 'select') ||
-        isTag(el, 'textarea') ||
-        el.getAttribute('contenteditable') === 'true'
-    ) {
-        return false;
-    }
-
-    // don't include hidden or password fields
-    var type = el.type || '';
-    if (typeof type === 'string') { // it's possible for el.type to be a DOM element if el is a form with a child input[name="type"]
-        switch(type.toLowerCase()) {
-            case 'hidden':
-                return false;
-            case 'password':
-                return false;
-        }
-    }
-
-    // filter out data from fields that look like sensitive fields
-    var name = el.name || el.id || '';
-    if (typeof name === 'string') { // it's possible for el.name or el.id to be a DOM element if el is a form with a child input[name="name"]
-        var sensitiveNameRegex = /^cc|cardnum|ccnum|creditcard|csc|cvc|cvv|exp|pass|pwd|routing|seccode|securitycode|securitynum|socialsec|socsec|ssn/i;
-        if (sensitiveNameRegex.test(name.replace(/[^a-zA-Z0-9]/g, ''))) {
-            return false;
-        }
-    }
-
-    return true;
-}
-
-/*
- * Check whether a string value should be "tracked" or if it may contain sentitive data
- * using a variety of heuristics.
- * @param {string} value - string value to check
- * @returns {boolean} whether the element should be tracked
- */
-export function shouldTrackValue(value) {
-    if (value === null || _.isUndefined(value)) {
-        return false;
-    }
-
-    if (typeof value === 'string') {
-        value = _.trim(value);
-
-        // check to see if input value looks like a credit card number
-        // see: https://www.safaribooksonline.com/library/view/regular-expressions-cookbook/9781449327453/ch04s20.html
-        var ccRegex = /^(?:(4[0-9]{12}(?:[0-9]{3})?)|(5[1-5][0-9]{14})|(6(?:011|5[0-9]{2})[0-9]{12})|(3[47][0-9]{13})|(3(?:0[0-5]|[68][0-9])[0-9]{11})|((?:2131|1800|35[0-9]{3})[0-9]{11}))$/;
-        if (ccRegex.test((value || '').replace(/[- ]/g, ''))) {
-            return false;
-        }
-
-        // check to see if input value looks like a social security number
-        var ssnRegex = /(^\d{3}-?\d{2}-?\d{4}$)/;
-        if (ssnRegex.test(value)) {
-            return false;
-        }
-    }
-
-    return true;
-}