Exposure of sensitive data in HTML
-
I’ve recently discovered an error within browser dev console which exposes the hidden fields & data configured via the DTX plugin, including post author’s email which is considered sensitive. The following is a redacted excerpt of the error, referencing “non-unique id’s” being used across the ‘dynamichidden’ fields configured within the contact form. When attempting to add a unique id or class to the string, the syntax isn’t accepted. This occurs on all pages where this contact form is being used:
[DOM] Found 4 elements with non-unique id #: (More info: )
“input type=?”hidden” name=?”custom-post-author-name-shortcode” id class=?”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=?”false” value=?”NAME REDACTED””
“input type=?”hidden” name=?”your-email” id class=?”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=?”false” value”
“input type=?”hidden” name=?”Posttitle” id class=?”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=?”false” value=?”TITLE REDACTED””
“input type=?”hidden” name=?”custom-post-author-email-shortcode” id class=?”wpcf7-form-control wpcf7-hidden wpcf7dtx wpcf7dtx-hidden” aria-invalid=?”false” value=?”[email protected]””Keen to understand how to resolve the issue.
Many thanks in advance.
- You must be logged in to reply to this topic.