Guides and resources
Tutorials Custom features Roles

How to ensure that contact information can't be shared in a TalkJS chat

by TalkJS 4 min read

With the TalkJS chat API you can easily add 1-on-1, group and live stream chat to your website. With any imaginable chat or messaging use case, some users will always try to share contact information or links to different websites. We've got you covered: using our solution you can easily restrict some or all contact info and allow or block any other phrases or URLs you want.

This way you can ensure a safe and secure environment for your users, decreasing the possibility of losing them to an alternative communication channel.

For this guide we'll consider you setup your app and your users can already exchange messages. If you are new to using TalkJS, make sure to visit our Getting Started guide.

In some situations you might want to suppress all contact information shared by your users. Based on your use case, you might also want to allow some chat participants to share some links or contact info.

For example:

  • a support agent should be allowed to share a link with a customer
  • exhibitors or streamers might want to promote their website or external resources, but prevent attendees from sharing their information with everyone
  • teachers

TalkJS User Roles

For flexibility, TalkJS allows you to define multiple Roles that can be assigned to your users to control different settings for the user groups, including text/contact information suppression

You can easily create and modify Roles in the TalkJS Dashboard.

The role configuration page has a dedicated section Suppress contact info that allows you to choose one of the following modes:

  • Do not suppress contact info: no suppression
  • Suppress contact info in all messages: the sender will also see the contact info suppressed in his view
  • Only suppress contact info in messages written by others: only the sender will see the contact info
    After you make a selection and save the role, you'll need to assign a role to a user when you create it. Even if the role is named default, you will still need to assign it in your code.

Remember to also update the role value in your code if you update the name in the dashboard.

For the REST API:

curl https://api.talkjs.com/v1/YOUR_APP_ID/users/12081 \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_SECRET_KEY" \
-X PUT \
-d '{ "name":"Alice", "email": ["alice@example.com"], "photoUrl": "https://demo.talkjs.com/img/alice.jpg", "welcomeMessage": "Hey there! How are you? :-)", "role": "default" }'

For the JavaScript Chat SDK:

const me = new Talk.User({
    id: "123456",
    name: "Alice",
    email: "alice@example.com",
    photoUrl: "https://demo.talkjs.com/img/alice.jpg",
    welcomeMessage: "Hey there! How are you? :-)"
    role: "default" // <-- that's the one!
});

 

Suppression options

By default, enabling any of these modes will suppress the contact information shared by the chat participants. This section will now feature some options to give you more control.

Allowed hostnames

The section allows you to define multiple whitelisted domains. If you want to allow all links, you can use *. Some additional usages include:

  • only some top level domains: . (.co, *.nl)
  • your website - domain and email(you will need to entries): yourwebsite.com and *.yourwebsite.com

Allowed phone numbers

You can define individually multiple phone numbers users can share. This actually matches the suffix of the phone number and ignores the punctuation. For example, if you will pass 869, it will allow all phone numbers ending with 869:

  • 040-2475869
  • +31 04.02.47.58.69
  • 0031 40 247 5869
  • +31 (0)40-2475869
    To be more precise, you can set the value to 402475869.

Advanced settings

If the previous options do not cover your needs, we also implemented advanced settings to for allowed or forbidden matches using JavaScript regexp literal

Allowed matches allow you to define patterns that might be suppressed based on the rules defined above.

With the Forbidden matches you extend the list of patterns that won’t show in chat:

  • certain words: /banana|apple|pear|cherry/i
  • US ZIP Codes (both the five-digit and nine-digit): /^[0-9]{5}(?:-[0-9]{4})?$/

If the user’s message contains forbidden information, the section will be replaced by the Contact information was hidden) message:

Final thoughts

Contact suppression and word filtering are just some of the ways you can keep your users  safe and enforce your platform's guidelines. Check out our security recommendations for suggestions on how to further improve your customers' security and privacy. 

For any other questions, feel free to get in touch via the support chat on our website.

Read more posts by this author

TalkJS

The link has been copied!
You’ve successfully subscribed to TalkJS
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.