Exposure of sensitive data in HTML

  • Resolved dciphered

    (@dciphered)


    1 year, 4 months ago

    I’ve recently discovered an error within browser dev console which exposes the hidden fields & data configured via the DTX plugin, including post author’s email which is considered sensitive. The following is a redacted excerpt of the error, referencing “non-unique id’s” being used across the ‘dynamichidden’ fields configured within the contact form. When attempting to add a unique id or class to the string, the syntax isn’t accepted. This occurs on all pages where this contact form is being used:

    [DOM] Found 4 elements with non-unique id #: (More info: )
    “input type=​”hidden” name=​”custom-post-author-name-shortcode” id class=​”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=​”false” value=​”NAME REDACTED””
    “input type=​”hidden” name=​”your-email” id class=​”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=​”false” value”
    “input type=​”hidden” name=​”Posttitle” id class=​”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=​”false” value=​”TITLE REDACTED””
    “input type=​”hidden” name=​”custom-post-author-email-shortcode” id class=​”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=​”false” value=​”SOMETHING@gmail.com””

    Keen to understand how to resolve the issue.

    Many thanks in advance.

    • This topic was modified 1 year, 4 months ago by dciphered.
    • This topic was modified 1 year, 4 months ago by dciphered.
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Exposure of sensitive data in HTML’ is closed to new replies.