How to ensure that contact information can't be shared in a TalkJS chat

Vlad Bartusica - May 19 '21 - Dev Community

With the TalkJS chat API you can easily add 1-on-1, group and live stream chat to your website. With any imaginable chat or messaging use case, some users will always try to share contact information or links to different websites. We've got you covered: using our solution you can easily restrict some or all contact info and allow or block any other phrases or URLs you want.

This way you can ensure a safe and secure environment for your users, decreasing the possibility of losing them to an alternative communication channel.

Contact info

For this guide we'll assume you have already set up your app and your users can exchange messages. If you are new to TalkJS, make sure to visit our Getting Started guide.

Disable sharing contact information and links

In some situations you might want to suppress all contact information shared by your users. Based on your use case, you might also want to allow some chat participants to share some links or contact info.

For example:

  • a support agent should be allowed to share a link with a customer
  • exhibitors or streamers might want to promote their website or external resources, but prevent attendees from sharing their information with everyone

TalkJS User Roles

For flexibility, TalkJS allows you to define multiple Roles that can be assigned to your users to control different settings for each user group, including text/contact information suppression.

You can easily create and modify Roles in the TalkJS Dashboard.

Default Roles

The role configuration page has a dedicated section Suppress contact info that allows you to choose one of the following modes:

  • Do not suppress contact info: no suppression
  • Suppress contact info in all messages: the sender will also see the contact info suppressed in his view
  • Only suppress contact info in messages written by others: only the sender will see the contact info

After you make a selection and save the role, you'll need to assign a role to a user when you create it. Even if the role is named default, you will still need to assign it in your code.

Remember to also update the role value in your code if you update the name in the dashboard.

For the REST API:

curl https://api.talkjs.com/v1/YOUR_APP_ID/users/12081 \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_SECRET_KEY" \
-X PUT \
-d '{ "name":"Alice", "email": ["alice@example.com"], "photoUrl": "https://demo.talkjs.com/img/alice.jpg", "welcomeMessage": "Hey there! How are you? :-)", "role": "default" }'

For the JavaScript Chat SDK:

const me = new Talk.User({
    id: "123456",
    name: "Alice",
    email: "alice@example.com",
    photoUrl: "https://demo.talkjs.com/img/alice.jpg",
    welcomeMessage: "Hey there! How are you? :-)",
    role: "default" // <-- that's the one!
});

Suppression options

By default, enabling any of these modes will suppress the contact information shared by the chat participants. Once a mode is enabled, the section shows some additional options that give you more control.

Allowed hostnames

The section allows you to define multiple whitelisted domains. If you want to allow all links, you can use *. Some additional usages include:

  • only some top level domains: *.<tld> (*.co, *.nl)
  • your website - domain and email (you will need two entries): yourwebsite.com and *.yourwebsite.com

Allowed phone numbers

You can individually define multiple phone numbers that users are allowed to share. Each entry is matched against the suffix of the phone number, ignoring punctuation. For example, if you enter 869, it will allow all phone numbers ending with 869:

  • 040-2475869
  • +31 04.02.47.58.69
  • 0031 40 247 5869
  • +31 (0)40-2475869

To be more precise, you can set the value to 402475869.
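
The hostname and phone number allow rules above can be modelled locally to check an allow list before saving it in the dashboard. This is an added example, not TalkJS code: the wildcard semantics and all function names are assumptions, and the sample inputs are constructed.

```javascript
// Local model of the two allow rules described above; NOT TalkJS's implementation.
// Assumed semantics: "*" allows everything, "*.x" allows any host ending in ".x",
// a bare name allows only that exact host; phone entries are digit suffixes.

function hostnameOf(token) {
  // Email address: the part after the last "@". Link: parsed with the WHATWG URL API.
  if (!token.includes("://") && token.includes("@")) {
    return token.slice(token.lastIndexOf("@") + 1).toLowerCase();
  }
  try {
    return new URL(token.includes("://") ? token : "https://" + token).hostname;
  } catch {
    return null; // not parseable as a link
  }
}

function hostAllowed(token, allowedHostnames) {
  const host = hostnameOf(token);
  if (!host) return false;
  return allowedHostnames.some((rule) => {
    const r = rule.toLowerCase();
    if (r === "*") return true;
    if (r.startsWith("*.")) return host.endsWith(r.slice(1)); // keeps the leading dot
    return host === r;
  });
}

function phoneAllowed(text, allowedSuffixes) {
  const digits = text.replace(/\D/g, ""); // ignore punctuation and spaces
  return digits.length > 0 && allowedSuffixes.some((s) => digits.endsWith(s));
}

// Constructed sample input.
const hosts = ["yourwebsite.com", "*.yourwebsite.com"];
const samples = [
  "https://yourwebsite.com/pricing",
  "support@mail.yourwebsite.com",
  "https://notyourwebsite.com/login", // lookalike: must not pass
  "yourwebsite.com.example.net",      // allowed name used as a prefix: must not pass
];
for (const s of samples) console.log(s, "->", hostAllowed(s, hosts));

// A short suffix such as 869 also admits unrelated numbers; the longer one does not.
for (const n of ["040-2475869", "+31 (0)40-2475869", "555 010 1869"]) {
  console.log(n, "| 869:", phoneAllowed(n, ["869"]),
    "| 402475869:", phoneAllowed(n, ["402475869"]));
}
```

Under these assumed semantics, the wildcard entry alone does not cover the bare domain, which is why two entries are listed for your own website.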

Advanced settings

If the previous options do not cover your needs, we also implemented advanced settings for allowed or forbidden matches, written as JavaScript regexp literals.

Allowed matches let you define patterns that should stay visible even though they might otherwise be suppressed by the rules defined above.

With the Forbidden matches you extend the list of patterns that won't show in chat:

  • certain words: /banana|apple|pear|cherry/i
  • US ZIP Codes (both the five-digit and nine-digit): /^[0-9]{5}(?:-[0-9]{4})?$/

If the user's message contains forbidden information, the section will be replaced by the (Contact information was hidden) text:

Suppressed email
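
Before pasting a forbidden pattern into the dashboard, it helps to run it over a few sample messages. The following is an added example, not TalkJS code: it applies each pattern to the whole message with plain JavaScript regex semantics (how TalkJS applies patterns internally is not stated here), and the word-boundary variants, function names and sample messages are assumptions.

```javascript
// Added example: plain JavaScript regex semantics, applied to the whole message.
// How TalkJS applies a pattern internally is not stated on the page (assumption).
const HIDDEN = "(Contact information was hidden)";

function suppress(message, forbidden) {
  // Replace every section matched by any forbidden pattern.
  return forbidden.reduce((text, re) => {
    const flags = re.flags.includes("g") ? re.flags : re.flags + "g";
    return text.replace(new RegExp(re.source, flags), HIDDEN);
  }, message);
}

function report(patterns, messages) {
  // For each pattern, list which messages it would alter.
  return patterns.map((re) => ({
    pattern: String(re),
    hits: messages.filter((m) => suppress(m, [re]) !== m),
  }));
}

// Patterns from the article, plus word-boundary variants (the variants are assumptions).
const words = /banana|apple|pear|cherry/i;
const wordsBounded = /\b(?:banana|apple|pear|cherry)\b/i;
const zipAnchored = /^[0-9]{5}(?:-[0-9]{4})?$/;
const zipBounded = /\b[0-9]{5}(?:-[0-9]{4})?\b/;

// Constructed sample messages.
const messages = [
  "I love Apple pie",
  "The pineapple will appear tomorrow", // contains "apple" and "pear" as substrings
  "90210",
  "Ship it to 90210-1234 please",
];

const patterns = [words, wordsBounded, zipAnchored, zipBounded];
console.log(JSON.stringify(report(patterns, messages), null, 2));
console.log(suppress(messages[3], [zipBounded]));
```

In this model the unbounded word list also hides parts of "pineapple" and "appear", and the anchored ZIP pattern only fires when the ZIP code is the entire message.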

Final thoughts

Contact suppression and word filtering are just some of the ways you can keep your users safe and enforce your platform's guidelines. Check out our security recommendations for suggestions on how to further improve your customers' security and privacy.

For any other questions, feel free to get in touch via the support chat on our website.
