This forum has moved, please join us on github discussions. We will keep these old posts available for reference. Thank you!

UPDATE: What is the "hook" for that causes widget data to appear in the source code for each page?

#1

Hello,

I would like to prevent the content hidden from the following example not only from the visible layout of a page but also from “view source”:

if (personShouldNotSeeThis) {
 return (req.data.teaserOnly = true);
}

Then in nunjucks:

{% if not data.teaserOnly or data.widget["include-in-preview"] %}
  <stuff></stuff>
{% endif %}

This works great for views nunjucks templates, but the data still appears when you view source, i.e.:

<div 
  class="apos-area-widget-wrapper  "
  data-apos-widget-wrapper="content"
  >
  <div class="apos-area-widget   " data-apos-widget="content" data-apos-widget-id="w621938654353100000" data='{"_id":"w62193865435310000","title":"Test Content","include-in-preview":false,"body":{"items":[{"_id":"w134440327208000","type":"apostrophe-rich-text","content":"&lt;p&gt;This should not be showing in page source&lt;/p&gt;\n","__docId":"cjjlb36qb001j23l820000","__dotPath":"layout.items.5.body.items.0"}],"type":"area","_docId":"cjjlb36qb001j23l82000000","_dotPath":"layout.items.5.body"},"type":"content","__docId":"cjjlb36qb001j23l82000000","__dotPath":"layout.items.5"}' data-options='{"edit":false}' >
  </div>
</div>

Consequently, a tech-savvy user could still grab content that we are trying to keep from them with the teaserOnly trick.

What is the best place to look to prevent this data from making its way to the page source?

#3

The widget wrapper used by areas to render widgets is here: apostrophe-areas/views/widgetBase.html

data.dataFiltered is the output of manager.filterForDataAttribute(data)

You can see the default implementation for widgets in apostrophe-widgets/index.js
No data is included if the playerData property is set to false.

If you don’t ever need this data attribute (used e.g. in client-side self.play), you could just do:

module.exports = {
extend: ‘apostrophe-widgets’,
playerData: false,

// … rest of your widget config
};

in your widget’s index.js.

If you do need this data for client-side use; you’ll likely have to override the wrapper template for this widget (as described in apostrophe-areas/views/widgetBase.html)

Hope this helps someone, even so long after the original post :slight_smile:

1 Like