Skip to content

docs(js): Update "Scrubbing Data" guide for span streaming, logs and metrics #18013

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Lms24 wants to merge 2 commits into
base: master
Choose a base branch
from
+17 −2
Open

docs(js): Update "Scrubbing Data" guide for span streaming, logs and metrics #18013

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3dcc6cf
docs(js): Update "Scrubbing Data" guide for span streaming, logs and …
Lms24 Jun 3, 2026
897a068
Update docs/platforms/javascript/common/data-management/sensitive-dat…
Lms24 Jun 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 17 additions & 2 deletions docs/platforms/javascript/common/data-management/sensitive-data/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,23 @@ If you _do not_ wish to use the default PII behavior, you can also choose to ide

## Scrubbing Data

### <PlatformIdentifier name="before-send" /> & <PlatformIdentifier name="before-send-transaction" />
### Scrubbing in `beforeSend*` SDK hooks

SDKs provide a <PlatformIdentifier name="before-send" /> hook, which is invoked before an error or message event is sent and can be used to modify event data to remove sensitive information. Some SDKs also provide a <PlatformIdentifier name="before-send-transaction" /> hook which does the same thing for transactions. We recommend using <PlatformIdentifier name="before-send" /> and <PlatformIdentifier name="before-send-transaction" /> in the SDKs to **scrub any data before it is sent**, to ensure that sensitive data never leaves the local environment.
SDKs provide various `beforeSend*` hooks, which are invoked before an errors, messages, spans, logs or metrics are sent and can be used to modify event data to remove sensitive information. The following hooks are available:

- `beforeSend` applies to error and message events
Copy link
Copy Markdown
Collaborator

@inventarSarah inventarSarah Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would be handy to link these to the respective documentation -- wdyt?

- `beforeSendSpan` applies to spans
- `beforeSendLog` applies to logs
- `beforeSendMetric` applies to metrics
- `beforeSendTransaction` applies to transactions (only in transaction mode)

<Alert>

If you're using <PlatformLink to="/tracing/new-spans/">Span Stream Mode</PlatformLink>, `beforeSendTransaction` has no effect. Instead, use `beforeSendSpan` with the `withStreamedSpan` helper to modify streamed spans directly.
Copy link
Copy Markdown
Collaborator

@inventarSarah inventarSarah Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If you're using <PlatformLink to="/tracing/new-spans/">Span Stream Mode</PlatformLink>, `beforeSendTransaction` has no effect. Instead, use `beforeSendSpan` with the `withStreamedSpan` helper to modify streamed spans directly.
If you're using <PlatformLink to="/tracing/new-spans/">stream mode</PlatformLink>, `beforeSendTransaction` has no effect. Instead, use `beforeSendSpan` with the `withStreamedSpan` helper to modify streamed spans directly.


</Alert>

We recommend using these hooks in the SDKs to **scrub any data before it is sent**, to ensure that sensitive data never leaves the local environment.
Comment on lines +51 to +55
Copy link
Copy Markdown
Contributor

@sentry sentry Bot Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The documentation contains a broken link to /tracing/new-spans/ and mentions an undocumented helper API withStreamedSpan.
Severity: LOW

Suggested Fix

Remove the <PlatformLink> to the non-existent page and the mention of the withStreamedSpan helper. Alternatively, create the corresponding documentation page and add the necessary details for the feature.

Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location:
docs/platforms/javascript/common/data-management/sensitive-data/index.mdx#L51-L55

Potential issue: The documentation file contains a `<PlatformLink>` that points to the
path `/tracing/new-spans/`. This link is broken and will result in a 404 error for
users, as the target page does not exist within the documentation repository. The same
section also refers to a helper API named `withStreamedSpan` and a feature called "Span
Stream Mode" without providing any documentation, examples, or cross-references, making
the guidance incomplete and unactionable for developers trying to use the feature.

Did we get this right? 👍 / 👎 to inform future reviews.

Copy link
Copy Markdown
Member Author

@Lms24 Lms24 Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correct. The link and the API are only introduced in #17834. This PR won't be merged before that.


<PlatformContent includePath="configuration/before-send/" />

Expand All @@ -50,6 +64,7 @@ Sensitive data may appear in the following areas:
- HTTP context → Query strings may be picked up in some frameworks as part of the HTTP request context.
- Transaction Names → In certain situations, transaction names might contain sensitive data. For example, a browser's pageload transaction might have a raw URL like `/users/1234/details` as its name (where `1234` is a user id, which may be considered PII). In most cases, our SDKs can parameterize URLs and routes successfully, that is, turn `/users/1234/details` into `/users/:userid/details`. However, depending on the framework, your routing configuration, race conditions, and a few other factors, the SDKs might not be able to completely parameterize all of your URLs.
- HTTP Spans → Most SDKs will include the HTTP query string and fragment as a data attribute, which means the HTTP span may need to be scrubbed.
- Attributes → Attributes can be scrubbed using the `beforeSendSpan`, `beforeSendLog`, and `beforeSendMetric` hooks for the respective telemetry types.

For more details and data filtering instructions, see <PlatformLink to="/configuration/filtering/">Filtering Events</PlatformLink>.

Expand Down
Loading