tel:-links should probably be scrubbed

[jgarplind]

Is there an existing issue for this?

• I have checked for existing issues https://github.com/getsentry/sentry-javascript/issues
• I have reviewed the documentation https://docs.sentry.io/
• I am using the latest SDK release https://github.com/getsentry/sentry-javascript/releases

How do you use Sentry?

Sentry Saas (sentry.io)

Which SDK are you using?

@sentry/react

SDK Version

9.10.1

Framework Version

18.3.1

Link to Sentry event

No response

Reproduction Example/SDK Setup

No response

Steps to Reproduce

User "dead clicked" a tel:-link, containing a real phone number.

Expected Result

The phone number should be scrubbed, since phone numbers are generally PII(?)

I understand that we can manually do this scrubbing in beforeSend, but it seems like a generic issue.

Actual Result

[chargome]

@jgarplind thanks for reporting this one as well.

@s1gr1d one more for PII

[mydea]

This is a bit trickier because it makes masking dependent on the attribute value 🤔 But it should be doable in maskAttribute, if it is an <a> element and a href attribute to check if it starts with email or tel to mask it 🤔