Skip to content

fix: Ignore false-y identity values and remove email sanitization #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rmi22186 merged 5 commits into from
Nov 21, 2025
Merged

fix: Ignore false-y identity values and remove email sanitization #51

rmi22186 merged 5 commits into from
Nov 21, 2025

Conversation

@rmi22186
Copy link
Collaborator

@rmi22186 rmi22186 commented Nov 20, 2025

Summary

A customer was passing the following into an identity call

const ids = { 
   other: '', // blank hashed email),
   email: 'foo'
}

and this ended up in the Rokt Kit without removing the falsy other identity.

We perform several pieces of logic in our selectPlacements call, and so:

replaceOtherIdentityWithEmailsha256(ids) would result in:

{
emailsha256: '',
email: 'foo'
}

This is eventually passed to sanitizeEmailIdentities (line 197), which removes email if emailsha256 is present. We do this in order to avoid having a customer pass both an email and emailsha256 into selectPlacements. This then leads to

{
   emailsha256: ''
}

Any empty string gets sanitized by Rokt's SDK.

Solution: Ensuring other has a value, as opposed to just existing on the userIdentities object via hasOwnProperty resolves this.

Before: No email in the experiences call
image
After: email appears in the experiences call.
image

Testing Plan

Unit tests as well as overrode in customer site to ensure this worked properly.

samdozor
samdozor requested changes Nov 20, 2025
View reviewed changes
Copy link

@samdozor samdozor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How was it decided that we would prefer hashed email over raw? The platform always prefers to receive a raw value - it increases ability to CTL and match rates

@rmi22186
Copy link
Collaborator Author

rmi22186 commented Nov 20, 2025

]> How was it decided that we would prefer hashed email over raw? The platform always prefers to receive a raw value - it increases ability to CTL and match rates

@samdozor - This decision was guided by the fact that Rokt's legacy GTM wrapper does this - https://github.com/ROKT/gtm_wrapper/blob/master/src/gtm_wrapper.ts#L69-L85 - With the specific warning being:

console.warn(
				'ROKT: Both raw and hashed email values were provided with the SHA-256 hashing option selected. Only the hashed value will be used for integration.',
			);

My inference is that if the partner goes through the additional step of passing the hashed email, then that is their preference. LMK your thoughts

@rmi22186 rmi22186 changed the title fix: Ignore false-y identity values fix: Ignore false-y identity values and remove email sanitization Nov 20, 2025
@rmi22186 rmi22186 merged commit 346f554 into development Nov 21, 2025
4 checks passed
github-actions bot pushed a commit that referenced this pull request Nov 21, 2025
@mparticle-automation
chore(release): 1.13.1 [skip ci]
e1a52c2 
## [1.13.1](v1.13.0...v1.13.1) (2025-11-21)

### Bug Fixes

* Ignore false-y identity values and remove email sanitization ([#51](#51)) ([346f554](346f554))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samdozor samdozor samdozor approved these changes

@jaissica12 jaissica12 Awaiting requested review from jaissica12

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rmi22186 @samdozor