fix(277): fully mask form-encoded values #283

Merged: ioncache merged 1 commit into main from fix/277/fully_mask_form_encoded_values on May 17, 2026

Conversation

@ioncache ioncache commented May 17, 2026

Overview

Fixes form-encoded sanitization so sensitive values containing punctuation or URL-encoded characters are fully masked instead of leaving suffixes visible after the first non-word character.

Details

  • Updated formEncodedMatcher masking behavior to consume the complete field value up to the & delimiter.
  • Preserved delimiter handling so adjacent form fields remain intact after masking.
  • Removed the outdated matcher note that documented partial masking as expected behavior.
  • Added regression coverage for punctuated and URL-encoded-like form values in matcher and replacer tests.
  • Verified removal mode still removes complete matched fields and leaves clean form-encoded output.

Related Tickets and/or Pull Requests

Fixes #277

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Enhanced form-encoded field pattern matching to correctly handle values containing special characters, punctuation, and URL-encoded sequences.
  • Tests

    • Added test cases to verify proper matching, masking, and removal of form-encoded fields with special characters and punctuation.
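
The masking gap described in this PR, shown as an added example that is not the project's code: the helper names, the `****` mask string and the sample body are assumptions, and the "before" pattern is a `\w*` stand-in that reproduces the described symptom rather than the project's old regex.

```typescript
// Added example: hypothetical helpers, not the project's formEncodedMatcher.
const MASK = "****"; // assumed mask string

// Constructed sample body: values contain URL-encoded bytes and punctuation.
const SAMPLE = "username=alice&password=p%40ss-w0rd%21&token=abc.def/ghi&remember=true";

// Escape a field name so it is matched literally inside a RegExp.
function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Stand-in for the described bug: the value is matched with \w*, so the match
// ends at the first non-word character and the rest of the value stays visible.
function maskWordCharsOnly(body: string, fields: string[]): string {
  const names = fields.map(escapeRegExp).join("|");
  return body.replace(new RegExp(`(^|&)(${names})=\\w*`, "g"), `$1$2=${MASK}`);
}

// Fixed behaviour: consume the whole value up to (not including) the next "&".
function maskUpToDelimiter(body: string, fields: string[]): string {
  const names = fields.map(escapeRegExp).join("|");
  return body.replace(new RegExp(`(^|&)(${names})=[^&]*`, "g"), `$1$2=${MASK}`);
}

// Name part of a "name=value" pair (the whole pair if there is no "=").
function fieldName(pair: string): string {
  const eq = pair.indexOf("=");
  return eq === -1 ? pair : pair.slice(0, eq);
}

// Removal mode: drop sensitive pairs entirely, leaving no stray "&".
function removeFields(body: string, fields: string[]): string {
  return body.split("&")
    .filter((pair) => pair !== "" && fields.indexOf(fieldName(pair)) === -1)
    .join("&");
}

// Regression check: what is still readable after the mask for a given field.
function visibleAfterMask(body: string, field: string): string {
  const pair = body.split("&").filter((p) => fieldName(p) === field)[0];
  if (pair === undefined) return "";
  const value = pair.slice(field.length + 1);
  return value.indexOf(MASK) === 0 ? value.slice(MASK.length) : value;
}

console.log(maskWordCharsOnly(SAMPLE, ["password", "token"]));
console.log(maskUpToDelimiter(SAMPLE, ["password", "token"]));
console.log(removeFields(SAMPLE, ["password", "token"]));
```

A non-empty result from `visibleAfterMask` on sanitized output is the signal a log-scrubbing regression test should fail on.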

coderabbitai Bot commented May 17, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 2caf5668-4ca4-489a-9b7f-643552458dda

📥 Commits

Reviewing files that changed from the base of the PR and between 9c5c52c and e23f539.

📒 Files selected for processing (3)
  • src/matchers.ts
  • test/matchers.test.ts
  • test/replacers.test.ts

📝 Walkthrough

This PR fixes partial masking of form-encoded sensitive field values that contain punctuation or URL-encoded sequences. The formEncodedMatcher regex is updated to match values up to field delimiters, and comprehensive tests verify the fix at both matcher and replacer levels.

Changes

Form-encoded value masking

Layer: Matcher regex and unit tests
File(s): src/matchers.ts, test/matchers.test.ts
Summary: The formEncodedMatcher non-removal regex is updated from a non-word/non-greedy pattern to `([^&]*(&

Layer: End-to-end replacer tests
File(s): test/replacers.test.ts
Summary: Two new stringReplacer test cases validate that punctuated field values are fully masked (with non-matching fields unchanged) and fully removed (leaving clean remaining fields).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit hops through form-encoded dreams,
Where dashes, slashes, percent signs gleam.
No more partial masks in the undergrowth—
Full coverage now keeps secrets both! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix(277): fully mask form-encoded values' directly and clearly summarizes the main change—fixing form-encoded value masking as described in the changeset. |
| Linked Issues check | ✅ Passed | The PR changes fully address the issue requirements: the regex in formEncodedMatcher now consumes values up to field delimiters, tests cover punctuation and URL-encoded values, removal mode is preserved, and existing tests remain intact. |
| Out of Scope Changes check | ✅ Passed | All changes directly address issue #277: matcher regex fix, removal mode preservation, test coverage for punctuation/URL-encoded values, and JSDoc cleanup. No unrelated modifications are present. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@github-actions

Coverage Report

| Status | Category | Percentage | Covered / Total |
| --- | --- | --- | --- |
| 🔵 | Lines | 100% (🎯 100%) | 107 / 107 |
| 🔵 | Statements | 100% (🎯 100%) | 109 / 109 |
| 🔵 | Functions | 100% (🎯 100%) | 14 / 14 |
| 🔵 | Branches | 100% (🎯 100%) | 72 / 72 |

File Coverage

| File | Stmts | Branches | Functions | Lines | Uncovered Lines |
| --- | --- | --- | --- | --- | --- |
| Changed Files | | | | | |
| src/matchers.ts | 100% | 100% | 100% | 100% | |

Generated in workflow #128 for commit e23f539 by the Vitest Coverage Report Action

@ioncache ioncache merged commit f903c84 into main May 17, 2026
5 checks passed
@ioncache ioncache deleted the fix/277/fully_mask_form_encoded_values branch May 17, 2026 18:34

Development

Successfully merging this pull request may close these issues.

fix: fully mask form-encoded sensitive values
