Added decryption mechanism for "initial-page" data if the text content is not a string #399
Comments
|
Issue: The client config is completely exposed in the site page source. Details: The Quintype framework client expects a configuration which is loaded in the redux store which in turn is used by the application throughout. This configuration is used by the function "startApp" which uses another function "getJsonContent" in "@quintype/framework/client/start.js" to pick up that data from the "window" element itself. Currently, the "getJsonContent" function expects a JSON string which is parsed and used in the store. This JSON string is completely exposed in the site page source as this gets loaded with the initial load of the site. Solution: A simple encryption mechanism has been applied on the client side which shows encrypted data in the page site. On the package level, the function "getJsonContent" has been modified to accept such encoded data, decrypt it and parse it accordingly. The original functionality still remains intact in case other clients do not wish to do the same. A pull request has been raised for the update. #398 Please review. @Jeevan-Kishore |
|
This is not encryption mechanism, this is encoding. This will be done from the browser end and we do not gain anything from this. Hence, this PR cannot be merged. CC: @Jeevan-Kishore |
|
They have the option to apply the identical solution we previously suggested, which involves adding a filter to initial page in the layout.ejs file, as it appears to be the most efficient resolution. |
|
Sorry, I may have missed out the filter part. What filter are we talking about here and what does that filter do? |
|
@shraddha-kesari Could you please look into this request |
|
@ankur-bqprime The first suggestion we provided for this request. Copy pasting here again - |
No description provided.
The text was updated successfully, but these errors were encountered: