The init function contains code that dumps all field names and labels in a JSON string to the DOM, but it doesn't check to make sure a user is logged in first. So on the CP login page, viewing the page source shows the handles and names of all fields you have created in Craft.
It may not be a critical concern for most sites, but for some Craft sites out there it may reveal something sensitive. And it is, essentially, laying out what all the column names in the content table are.
mmikkel
commented
7 years ago
The
initfunction contains code that dumps all field names and labels in a JSON string to the DOM, but it doesn't check to make sure a user is logged in first. So on the CP login page, viewing the page source shows the handles and names of all fields you have created in Craft.It may not be a critical concern for most sites, but for some Craft sites out there it may reveal something sensitive. And it is, essentially, laying out what all the column names in the
contenttable are.