intercom · jklina · Sep 3, 2025
diff --git a/lib/intercom-rails/script_tag.rb b/lib/intercom-rails/script_tag.rb
@@ -17,8 +17,8 @@ class ScriptTag
     include ::ActionView::Helpers::JavaScriptHelper
     include ::ActionView::Helpers::TagHelper
 
-    attr_reader :user_details, :company_details, :show_everywhere, :session_duration
-    attr_accessor :secret, :widget_options, :controller, :nonce, :encrypted_mode_enabled, :encrypted_mode, :jwt_enabled, :jwt_expiry
+    attr_reader :published_user_details, :company_details, :show_everywhere, :session_duration
+    attr_accessor :user_details, :secret, :widget_options, :controller, :nonce, :encrypted_mode_enabled, :encrypted_mode, :jwt_enabled, :jwt_expiry
 
     def initialize(options = {})
       self.secret = options[:secret] || Config.api_secret
@@ -38,6 +38,8 @@ def initialize(options = {})
       lead_attributes = find_lead_attributes
 
       self.user_details = initial_user_details.merge(lead_attributes)
+      user_details[:app_id] = app_id
+      @published_user_details = sanitize_user_details(user_details)
 
       self.encrypted_mode_enabled = options[:encrypted_mode] || Config.encrypted_mode
       self.encrypted_mode = IntercomRails::EncryptedMode.new(secret, options[:initialization_vector], {:enabled => encrypted_mode_enabled})
@@ -73,7 +75,7 @@ def valid_nonce?
     end
 
     def intercom_settings
-      hsh = user_details
+      hsh = published_user_details
       hsh[:session_duration] = @session_duration if @session_duration.present?
       hsh[:widget] = widget_options if widget_options.present?
       hsh[:company] = company_details if company_details.present?
@@ -141,9 +143,9 @@ def generate_jwt
       JWT.encode(payload, secret, 'HS256')
     end
 
-    def user_details=(user_details)
-      @user_details = DateHelper.convert_dates_to_unix_timestamps(user_details || {})
-      @user_details = @user_details.with_indifferent_access.tap do |u|
+    def sanitize_user_details(user_details)
+      sanitize_user_details = DateHelper.convert_dates_to_unix_timestamps(user_details || {})
+      sanitize_user_details.with_indifferent_access.tap do |u|
         [:email, :name, :user_id].each { |k| u.delete(k) if u[k].nil? }
 
         if secret.present?

diff --git a/spec/script_tag_spec.rb b/spec/script_tag_spec.rb
@@ -313,6 +313,7 @@ def user
         user_details: { user_id: '1234' },
         jwt_enabled: false
       )
+      expect(script_tag).to be_valid
       expect(script_tag.intercom_settings[:intercom_user_jwt]).to be_nil
     end
 
@@ -321,6 +322,7 @@ def user
         user_details: { user_id: '1234' },
         jwt_enabled: true
       )
+      expect(script_tag).to be_valid
       expect(script_tag.intercom_settings[:intercom_user_jwt]).to be_present
     end
 
@@ -329,6 +331,7 @@ def user
         user_details: { user_id: '1234' },
         jwt_enabled: true
       )
+      expect(script_tag).to be_valid
       expect(script_tag.intercom_settings[:user_hash]).to be_nil
     end
 
@@ -339,6 +342,7 @@ def user
         jwt_enabled: true
       )
 
+      expect(script_tag).to be_valid
       jwt = script_tag.intercom_settings[:intercom_user_jwt]
       decoded_payload = JWT.decode(jwt, 'super-secret', true, { algorithm: 'HS256' })[0]
 
@@ -350,6 +354,7 @@ def user
         user_details: { email: 'test@example.com' },
         jwt_enabled: true
       )
+      expect(script_tag).to be_valid
       expect(script_tag.intercom_settings[:intercom_user_jwt]).to be_nil
     end
 
@@ -359,6 +364,7 @@ def user
         user_details: { user_id: '1234' },
         jwt_enabled: true
       )
+      expect(script_tag).to be_valid
       expect(script_tag.intercom_settings[:intercom_user_jwt]).to be_nil
     end
 
@@ -372,6 +378,7 @@ def user
         jwt_enabled: true
       )
 
+      expect(script_tag).to be_valid
       expect(script_tag.intercom_settings[:intercom_user_jwt]).to be_present
       expect(script_tag.intercom_settings[:user_id]).to be_nil
       expect(script_tag.intercom_settings[:email]).to eq('test@example.com')
@@ -388,6 +395,7 @@ def user
         jwt_enabled: false
       )
 
+      expect(script_tag).to be_valid
       expect(script_tag.intercom_settings[:user_id]).to eq('1234')
       expect(script_tag.intercom_settings[:email]).to eq('test@example.com')
       expect(script_tag.intercom_settings[:name]).to eq('Test User')
@@ -410,6 +418,7 @@ def user
           jwt_enabled: true
         )
 
+        expect(script_tag).to be_valid
         jwt = script_tag.intercom_settings[:intercom_user_jwt]
         decoded_payload = JWT.decode(jwt, 'super-secret', true, { algorithm: 'HS256' })[0]