Automattic / jetpack

Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
https://jetpack.com/

Paywall Block Partially Discloses Paid Content via Meta Tags #34342

Open bobmatyas opened 9 months ago

bobmatyas commented 9 months ago

Impacted plugin

Jetpack

Quick summary

When using the Paywall Block, by default, Jetpack grabs a portion of the paid content and the first image that appears and uses them in the site metadata.

Steps to reproduce

  1. Add a post with all content behind the Paywall block.
  2. On the frontend as a non-logged-in user, you can't see the post content.
  3. However, when viewing the meta tags in the head, a portion of the post and the first image (if added to a post) are accessible.

A clear and concise description of what you expected to happen.

I would expect that we would hide this info by default (using a meta tag like "This content is for paid subscribers only").

What actually happened

[Screenshot: disclose-content-01]

[Screenshot: disclose-content-02]

Impact

Some (< 50%)

Available workarounds?

No but the platform is still usable

Platform (Simple and/or Atomic)

No response

Logs or notes

No response
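
A regression check for the behaviour reported above, added here as an example and not Jetpack's own code: it parses the HTML an anonymous visitor receives and flags meta tags that repeat paywalled text or a paywalled image URL. The tag list, function names, sample HTML and URLs are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed tag names; the report only says "meta tags in the head".
TEXT_KEYS = {"description", "og:description", "twitter:description"}
IMAGE_KEYS = {"og:image", "twitter:image"}

class MetaCollector(HTMLParser):
    """Collect (key, content) pairs from every <meta> tag."""
    def __init__(self):
        super().__init__()
        self.meta = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        key = (a.get("property") or a.get("name") or "").lower()
        if key and a.get("content"):
            self.meta.append((key, a["content"]))

def _shingles(text, n):
    """All runs of n consecutive words, lowercased, punctuation ignored."""
    w = re.findall(r"\w+", text.lower())
    return {tuple(w[i:i + n]) for i in range(len(w) - n + 1)}

def find_leaks(html, paid_text, paid_images, min_words=5):
    """Return meta tags repeating min_words+ paid words or a paid image URL."""
    parser = MetaCollector()
    parser.feed(html)
    paid = _shingles(paid_text, min_words)
    leaks = []
    for key, content in parser.meta:
        if key in TEXT_KEYS and _shingles(content, min_words) & paid:
            leaks.append((key, content))
        elif key in IMAGE_KEYS and content in paid_images:
            leaks.append((key, content))
    return leaks

# Constructed sample data (not taken from the issue's screenshots).
PAID_TEXT = "Our full quarterly forecast shows subscriber churn falling to four percent by spring."
PAID_IMAGES = {"https://example.test/uploads/paid-chart.png"}
LEAKY_HTML = """<head><title>Q3 forecast</title>
<meta property="og:description" content="Our full quarterly forecast shows subscriber churn falling &hellip;" />
<meta property="og:image" content="https://example.test/uploads/paid-chart.png" /></head>"""
SAFE_HTML = """<head><title>Q3 forecast</title>
<meta property="og:description" content="This content is for paid subscribers only" />
<meta property="og:image" content="https://example.test/uploads/site-logo.png" /></head>"""

if __name__ == "__main__":
    for name, page in (("leaky", LEAKY_HTML), ("safe", SAFE_HTML)):
        print(name, find_leaks(page, PAID_TEXT, PAID_IMAGES))
```

Run it against a logged-out fetch of each paywalled post, passing the text and image URLs that sit below the Paywall block; an empty list means none of the checked tags exposes them.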

jeherve commented 9 months ago

related: #34343

jeherve commented 9 months ago

@Automattic/zap Is that something you could look at?

Thank you!

bizanimesh commented 7 months ago

Checking with the team: p1707275242069129-slack-C052XEUUBL4

candy02058912 commented 1 month ago

Hi @Automattic/zap, from the Slack conversation linked above, this doesn't feel like a high priority task so I'm setting the priority to Normal for this issue.

As part of pb5gDS-3YO-p2, we’re trying to ensure that every high priority issue on The One Board is going to be actively worked on (has updates to it within 2 weeks) to reflect the priority of the issue.

Thanks 🙏