A Chrome extension that automatically detects and masks sensitive information like passwords, emails, credit cards, and tokens on any website. Keep your screen-shares and recordings private.
- Automatic Detection: Identifies sensitive fields including passwords, emails, tokens, credit cards, SSNs, and phone numbers
- Custom CSS Selectors: Add global and per-site custom selectors to mask specific elements
- Real-time Masking: Monitors dynamic content changes with MutationObserver for instant protection
- Theme Switcher: Light and dark mode support with persistent preferences
- Chrome Storage Sync: Settings synchronized across all your devices
- SPA Navigation Support: Detects client-side navigation (pushState/replaceState) and reapplies masking
- Toggle On/Off: Quickly enable or disable masking via the browser popup
- Smart Detection: Multiple detection methods including input types, autocomplete attributes, keyword matching, and regex patterns
# Clone the repository
git clone https://github.com/yourusername/hide-sensitive-information.git
cd hide-sensitive-information
# Install dependencies
bun install
# Build the extension
bun run build- Open
chrome://extensions - Enable "Developer mode" (toggle in top-right corner)
- Click "Load unpacked"
- Select the
build/directory from this project
Click the extension icon in your Chrome toolbar to open the popup, then click the toggle button to hide or show sensitive information on the current page.
Global Selectors (applied to all websites):
- Click the extension icon
- Enter CSS selectors in the "Global selectors" field
- Separate multiple selectors with commas or newlines
- Click "Save"
Example:
.billing-email, input[name='api-token'], #credit-card-field
Per-Site Selectors (applied to specific domains):
- Navigate to the website you want to configure
- Click the extension icon
- Click "Add site rule"
- Enter CSS selectors for that specific site
- Click "Save"
Click the theme toggle button in the popup to switch between light and dark mode. Your preference is saved automatically.
Location: src/index.ts
The content script runs on all pages and is responsible for:
- Detecting sensitive input fields using multiple heuristics
- Masking sensitive information in real-time
- Monitoring DOM changes with MutationObserver (throttled at 10ms)
- Detecting SPA navigation by intercepting
history.pushStateandhistory.replaceState - Processing visible viewport content first for better perceived performance
- Finding and masking email addresses in text nodes using regex
Key Features:
- Runs at
document_startfor earliest possible execution - Uses
requestAnimationFramefor efficient DOM updates - Throttles mutation processing to prevent performance degradation
- Prioritizes viewport content before processing entire page
Location: src/background.ts
Manages extension state and icon switching:
- Listens for state changes from the popup
- Updates the extension icon based on enabled/disabled state
- Broadcasts state changes to all active tabs
Location: src/popup/index.ts
Interactive interface providing:
- Toggle button for enabling/disabling masking
- Global selector configuration
- Per-site selector management
- Theme switcher
- Visual feedback for save operations
Location: src/utils.ts
Chrome storage helpers including:
getIsHidden()/setIsHidden()- Masking stategetCustomSelectors()/setCustomSelectors()- Global selectorsgetSiteSelectors()/setSiteSelectors()- Per-site rulesgetTheme()/setTheme()- Theme preferencesgetCurrentTab()- Active tab helper
Built with modern tooling:
- Bun: JavaScript runtime and build tool
- TypeScript: Type-safe code
- Tailwind CSS: Utility-first styling for popup UI
- PostCSS: CSS processing and optimization
- Biome: Fast linting and formatting
The extension uses multiple strategies to identify sensitive fields:
type="password"type="email"type="tel"
current-password,new-passwordone-time-codecc-number,cc-csc,cc-exp,cc-exp-month,cc-exp-year,cc-nameemail,tel
Searches for sensitive keywords in element attributes (name, id, aria-label, placeholder, data-testid):
- password, pass, secret
- token, api, key, auth, session
- ssn, social, credit, card, cvv, cvc, pin
- email, e-mail, mail
- phone, tel
Detects email addresses in:
- Input field values
- Textarea content
- Text nodes throughout the page
User-defined selectors for edge cases and specific applications.
- Bun (latest version)
- Node.js 18+ (for compatibility)
# Development with hot reload and websocket auto-refresh
bun run dev
# Build for production
bun run build
# Package for distribution (creates .zip file)
bun run pack
# Run tests
bun test
# Run tests in watch mode
bun test --watch
# Lint and format code
bunx @biomejs/biome check --write src/The bun run dev command:
- Watches
src/andpublic/directories for changes - Rebuilds the extension automatically
- Sends reload signal via WebSocket server on port 8080
- Content script listens for reload messages (if configured)
This project uses Biome for linting and formatting:
- Enforces consistent code style
- Catches common errors
- Automatically formats on commit (if git hooks configured)
Tests are written using Bun's built-in test runner:
- Unit tests for utility functions (src/tests/utils.test.ts)
- Selector parsing tests (src/tests/selectors.test.ts)
- Masking logic tests (src/tests/masking.test.ts)
Run tests with bun test or enable watch mode with bun test --watch.
All settings are stored using Chrome's chrome.storage.sync API, which:
- Synchronizes across devices when signed into Chrome
- Persists data across browser sessions
- Has a limit of 100KB total storage
- Comma-separated or newline-separated CSS selectors
- Standard CSS selector syntax (class, ID, attribute, pseudo-selectors, etc.)
- Invalid selectors are silently ignored
- Global rules: Applied to all websites
- Per-site rules: Only applied to matching hostnames
- Per-site rules do not override global rules; both are applied
Theme preference is saved to Chrome storage and reapplied on popup open.
- Sandboxed iframes: Cannot access content inside sandboxed iframes due to browser security restrictions
- Some dynamic content: Certain edge cases with heavily dynamic content may require page refresh (e.g., StackOverflow Google login popup)
- Performance: Large pages with frequent DOM mutations may experience slight delays (mitigated by 10ms throttling)
- Cross-origin iframes: Cannot mask content in iframes from different origins
- Move to TypeScript
- Modern build system with Bun
- Icon assets
- Theme switcher
- Publish to Chrome Web Store
- Firefox Add-ons support
- Fix iframe content masking where possible
- Performance optimizations for large pages
- Additional sensitive data patterns (IP addresses, MAC addresses, etc.)
- Import/export configuration
- Keyboard shortcuts
Contributions are welcome! Please follow these guidelines:
- Fork the repository and create a feature branch
- Follow code style: Use Biome for consistent formatting
bunx @biomejs/biome check --write src/
- Write tests: Add tests for new functionality in
src/__tests__/ - Test thoroughly: Ensure
bun testpasses and manually test the extension - Submit a pull request with a clear description of changes
# Create a feature branch
git checkout -b feature/your-feature-name
# Make changes and test
bun run dev
# Run tests
bun test
# Format and lint
bunx @biomejs/biome check --write src/
# Commit and push
git add .
git commit -m "Add feature: description"
git push origin feature/your-feature-nameMIT License - see LICENSE file for details.
This extension:
- Does NOT collect or transmit any data
- Does NOT track user behavior
- Only stores configuration locally in Chrome storage
- Runs entirely offline after installation
All sensitive information processing happens locally in your browser.