The init function contains code that dumps all field names and labels in a JSON string to the DOM, but it doesn't check to make sure a user is logged in first. So on the CP login page, viewing the page source shows the handles and names of all fields you have created in Craft.
It may not be a critical concern for most sites, but for some Craft sites out there it may reveal something sensitive. And it is, essentially, laying out what all the column names in the content table are.
The
init
function contains code that dumps all field names and labels in a JSON string to the DOM, but it doesn't check to make sure a user is logged in first. So on the CP login page, viewing the page source shows the handles and names of all fields you have created in Craft.It may not be a critical concern for most sites, but for some Craft sites out there it may reveal something sensitive. And it is, essentially, laying out what all the column names in the
content
table are.