mPulse Boomerang PCI Mode Configuration

Document created by Nic Jansma Employee on Mar 29, 2018
Version 1Show Document
  • View in full screen mode

mPulse's Boomerang JavaScript library can be configured to enable PCI Mode, which adds additional validations and protections against reading sensitive data from web forms.

 

PCI Mode can be enabled in one of two ways:

  1. Within Luna, enable the PCI Compliance option in the mPulse settings
  2. Within a page, you can set PageParams.pci = true via the window.BOOMR_config object:
window.BOOMR_config = window.BOOMR_config || {};
window.BOOMR_config.PageParams = window.BOOMR_config.PageParams || {};
window.BOOMR_config.PageParams.pci = true;

 

When enabled, PCI mode adds the following behavior:

  1. For <input>, <textarea> and <select> form elements with any of the autocomplete="" attributes below, the element cannot be used for a Custom Metric, Timer or Dimension:
    • name
    • honorific-prefix
    • given-name
    • additional-name
    • family-name
    • honorific-suffix
    • username
    • new-password
    • current-password
    • street-address
    • country
    • country-name
    • postal-code
    • email
    • tel
    • cc-* (wildcard)
    • address-* (wildcard)
    • tel-* (wildcard)
  2. For <input>, <textarea> and <select> form elements, if the element's value matches one of the Regular Expressions below for Credit Card Numbers or Email, the element cannot be used for a Custom Metric, Timer or Definition:
    • /(?:3[47][0-9]{13})/
    • /(?:3(?:0[0-5]|[68][0-9])[0-9]{11})/
    • /(?:6(?:011|5[0-9]{2})(?:[0-9]{12}))/
    • /(?:(?:2131|1800|35\d{3})\d{11})/
    • /(?:(?:5[0678]\d\d|6304|6390|67\d\d)\d{8,15})/
    • /(?:(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12})/
    • /(?:4[0-9]{12})(?:[0-9]{3})?/
    • /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/
  3. You may also specify a CSS selector that will apply to a list of elements. These elements cannot be used for a Custom Metric, Timer or Definition. (Note: this does not work in Internet Explorer 6 or 7).  You can specify the blacklist CSS selector via the PageParams.pciBlacklist option:
window.BOOMR_config = window.BOOMR_config || {};
window.BOOMR_config.PageParams = window.BOOMR_config.PageParams || {};
window.BOOMR_config.PageParams.pciBlacklist = "#id1, input.foo-bar";

Attachments

    Outcomes