search

Automattic / jetpack

Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
https://jetpack.com/
Other
1.58k stars 799 forks source link

Meta Tags Partially Discloses Content on Paid Newsletters #34343

Open bobmatyas opened 9 months ago

bobmatyas commented 9 months ago

Impacted plugin

Jetpack

Quick summary

When using the paid newsletter feature, a portion of the content and an image (if available) will be used to generate meta tags for the post. This leads to a portion of the content being revealed.

Steps to reproduce

  1. Add a post for paid subscribers only
  2. View the post as a non-paid subscriber and view the page source
  3. Some content from the post will be auto-used to populate the meta tags in the head

A clear and concise description of what you expected to happen.

I expect we wouldn't use the paid content and image (if added) by default and instead indicate that the post is for paid users.

What actually happened

Screenshot 2023-11-28 at 11 28 30 Screenshot 2023-11-28 at 11 29 54

Impact

Some (< 50%)

Available workarounds?

No but the platform is still usable

Platform (Simple and/or Atomic)

No response

Logs or notes

No response

jeherve commented 9 months ago

@Automattic/zap Is that something you could look at?

Thank you!

jeherve commented 9 months ago

Related: #34342

bizanimesh commented 7 months ago

Checking with the team: p1707275242069129-slack-C052XEUUBL4

candy02058912 commented 1 month ago

Hi @Automattic/zap , from the Slack conversation linked above, this doesn't feel like a high priority task so I'm setting the priority to Normal for this issue.

As part of pb5gDS-3YO-p2, we’re trying to ensure that every high priority issue on The One Board is going to be actively worked on (has updates to it within 2 weeks) to reflect the priority of the issue.

Thanks 🙏