Coding Rules Library
Mask PII when displaying or logging it (last-4, partial email)
Render and log PII in masked form by default (e.g. j••@example.com, ****1234). Reveal full values only behind an explicit, access-controlled action and never in logs.
Bad example
```tsx
// shared util used in UI and logs
export function describeAccount(a: Account): string {
  return `${a.email} / card ${a.cardNumber} / ssn ${a.ssn}`;
}

logger.info(describeAccount(account), 'account loaded'); // full PII in logs
return <span>{describeAccount(account)}</span>; // full PII on screen
```
Explanation (EN)
Emitting full email, full card number, and SSN both to logs and the UI maximizes exposure: log access, screen sharing, screenshots, browser history, and shoulder-surfing all become leak vectors. Full card/SSN in logs can also breach PCI/GDPR obligations. There is rarely a functional reason to show the complete value.
Explanation (HR)
Emitting the full e-mail address, full card number and OIB/SSN to both the logs and the UI maximizes exposure: log access, screen sharing, screenshots, browser history and shoulder-surfing all become leak vectors. A full card number/SSN in logs can also violate PCI/GDPR obligations. There is rarely a functional reason to display the whole value.
Good example
```tsx
export function maskEmail(email: string): string {
  const at = email.indexOf('@');
  if (at < 1) return '••'; // no local part or no '@': reveal nothing rather than echo the input
  return `${email.slice(0, 1)}••@${email.slice(at + 1)}`;
}
export function maskTail(value: string, visible = 4): string {
  if (value.length <= visible) return '••••'; // too short to show a tail without showing everything
  return `••••${value.slice(-visible)}`;
}

logger.info({ email: maskEmail(account.email) }, 'account loaded'); // masked in logs
return <span>{maskEmail(account.email)} · {maskTail(account.cardNumber)}</span>;
```
Explanation (EN)
PII is reduced to the minimum needed to identify the right record (a recognizable hint) without exposing the full value. The same masking helpers serve both UI and logs, so the safe form is the default path. If a full value is genuinely required, gate it behind an explicit reveal action with authorization — and still keep it out of logs.
Explanation (HR)
PII is reduced to the minimum needed to recognize the correct record (a recognizable hint) without exposing the full value. The same masking helpers serve both the UI and the logs, so the safe form is the default path. If the full value is genuinely needed, protect it with an explicit reveal action that requires authorization, and still keep it out of the logs.
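As an added example (not part of this rule card), the same masking helpers applied as a redaction step over a whole log payload before it reaches the logger, so the masked form is the default even when a caller passes a full record; the field policy table, the payload shape and the sample values are assumptions constructed for the example:

```typescript
const MASK = '••••';

// Mask an email to its first character plus domain; malformed input reveals nothing.
function maskEmail(email: string): string {
  const at = email.indexOf('@');
  if (at < 1) return '••';
  return `${email.slice(0, 1)}••@${email.slice(at + 1)}`;
}

// Mask an identifier to its last `visible` digits (separators ignored);
// values too short to keep anything hidden reveal nothing.
function maskTail(value: string, visible = 4): string {
  const digits = value.replace(/\D/g, '');
  if (digits.length <= visible) return MASK;
  return `${MASK}${digits.slice(-visible)}`;
}

// Assumed field policy: which payload keys are PII and how each one is masked.
// A Map (not a plain object) so prototype keys like "constructor" never match.
const PII_FIELDS = new Map<string, (v: string) => string>([
  ['email', maskEmail],
  ['cardNumber', (v) => maskTail(v)],
  ['ssn', (v) => maskTail(v)],
]);

// Return a masked copy of a log payload; the input is never mutated and
// PII keys are masked at any nesting depth (objects and arrays).
function redactPii(value: unknown): unknown {
  if (Array.isArray(value)) return value.map(redactPii);
  if (value !== null && typeof value === 'object') {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      const mask = PII_FIELDS.get(k);
      out[k] = typeof v === 'string' && mask !== undefined ? mask(v) : redactPii(v);
    }
    return out;
  }
  return value;
}

// Constructed sample payload, shaped like what a caller would hand to logger.info(...).
const sample = {
  account: { id: 42, email: 'jane.doe@example.com', cardNumber: '4111 1111 1111 1234', ssn: '123-45-6789' },
  events: ['account loaded'],
};
const redacted = redactPii(sample) as typeof sample;
console.log(JSON.stringify(redacted));
```

Wiring `redactPii` into the logger's serializer hook (most structured loggers offer one) means a forgotten `maskEmail` call at a call site still produces a masked log line.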
Exceptions / Tradeoffs (EN)
A user viewing their own data may legitimately need to see their full email or other non-financial identifiers; financial identifiers (full card/SSN) should stay masked even there. Masking format may vary by locale/regulation.
Exceptions / Tradeoffs (HR)
A user viewing their own data may legitimately need to see their full e-mail address or other non-financial identifiers; financial identifiers (full card number/SSN) should remain masked even there. The masking format may vary depending on localization/regulation.