silverstripe / silverstripe-sharedraftcontent

Share draft page content with non-CMS users
BSD 3-Clause "New" or "Revised" License

Draft page titles in menu navigation are exposed #151

Open brynwhyman opened 3 years ago

brynwhyman commented 3 years ago

Overview

As I understand it, the intention of this feature is to share only the draft changes for a single page. If someone was to click a link or navigate within the tokened-page, they should only see published content. The link created with this feature should only show draft changes for the page it relates to.

However, it is also possible to see a draft page title in the website navigation menu. This could surface a 'secret' page that's in a draft state that may not be appropriate for the audience of the shared-draft-link to view. Feels like a pretty low risk issue, but worth noting.

Steps to recreate:

  1. Create a page titled "Draft title", save but do not publish the page
  2. Create a second page titled "Content for sharing", save the page
  3. Create a shared-draft-link for the second page
  4. Access the link and see that you see not only the draft content for the "Content for sharing" page, but also draft changes outside of this page (the other "Draft title")

Notes

It feels like documenting this limitation could be enough? I can't think of a scenario where this could be worse. Plus it's assumed that anyone viewing the draft-link should hold a level of trust already.

maxime-rainville commented 3 years ago

Fixing this would be an absolute nightmare. The page is rendered in the Stage mode. We don't have a way of knowing this part of the page should be rendered in draft, but this other part needs to use the Live data.

I would close this as a WONT FIX.

michalkleiner commented 3 years ago

I'd be happy with this being documented as a known limitation. Agree with Maxime that there's no easy way of fixing this.