How to prevent contact details from being shared in a TalkJS

To keep your users and your platform secure, you may want to control the type of information that users can share in your chat. For example, you might want to prevent users from sharing email addresses or phone numbers, to keep all communication on your platform.

Content masking allows you to control exactly what type of content your users are able to share—all directly from your TalkJS dashboard.

Activate content masking

To activate content masking, take the following steps:

  1. Go to the Chat UI page in your TalkJS dashboard.
  2. In the section Mask unwanted content, select from the following three levels of content filtering:

Content filtering level

Result

No suppression

No content gets masked. Users can send all content in all messages.

Global suppression

Content gets masked in all messages. Masked content gets replaced by replacement text.

Selective suppression

Content gets masked in all messages, but only shows up as masked in messages sent by others, and not in the sender’s own messages. Masked content gets replaced by replacement text. 

Note: With selective suppression, it is not shown to a sender that content in their messages gets masked for the recipient. Selective suppression makes it harder for users to find workarounds, but it can be considered user-hostile, since it doesn’t show users how their messages are received.

When you mask unwanted content, TalkJS replaces the suppressed content with replacement text. By default, the replacement text is the phrase "(hidden information)", translated into the user's locale.

A message shown without and with content masking

To specify your own replacement text, enter your preferred text in the Replacement Text field.

Customize content masking

You can tailor which types of content you would like TalkJS to suppress in your chat. To apply content masking to links, email addresses, phone numbers, or all of these, select the corresponding checkboxes in the Mask unwanted content section.

Allow some hostnames

Even when you’re masking links and email addresses generally, you might still want to allow users to share some specific contact details, such as your own email address and website. To achieve this:

  1. Select Add entry in the Allowed hostnames section.
  2. Add the hostname that you would like to allow.

Use * to allow any subdomain. For example, to allow links to https://subdomain.example.com or hello@example.com, add entries for example.com and *.example.com.

URLs and email addresses that match allowed hostnames will show up as normal in the chat, even if other content is masked.

Allow some phone numbers

To allow users to share specific phone numbers, even while blocking phone numbers generally, you can specify a pattern.

  1. Select Add entry in the Allowed phone numbers section.
  2. Add the suffix of the phone number that you would like to allow.

The Allowed phone number field ignores the punctuation, so that it can match both international and national formats. For example, adding 402475869 to the allowed phone numbers list allows both +31(0)40-2475869 and 040-2475869.

Add a custom pattern for content masking

Do you need yet more flexibility in content masking? Then you can add custom content masking patterns.

  1. Select Add entry in the Custom suppression patterns section.
  2. Specify the pattern you’d like to use for content masking, using valid JavaScript regular expression (RegExp) literals.

For example:

  • To mask mentions of certain fruits, you could add: /apple|banana|cherry|date/i.
  • To mask any mentions of US ZIP codes, you could use: /^[0-9]{5}(?:-[0-9]{4})?$/.

Add a custom pattern for exceptions to content masking

You can also a custom pattern to specify exceptions to content masking.

  1. Select Add entry in the Suppression exceptions section.
  2. Specify the pattern using valid JavaScript RegExp literals. For example, to allows links to any subdomain of your site, you could use: /[^/]*.example.com/.

Patterns listed as exceptions to content masking take priority over custom content masking patterns. For example, if you mask /example/i but allow /[^/]*.example.com/, then links to example.com show up normally.

Contact suppression is just one way in which you can keep your users safe and enforce your platform guidelines. For further resources, also consider the following guides:


Do you have any questions about content masking? Get in touch.