Tell us and our members who you are, what you like and why you became a member of this site.
We welcome all new members and hope to see you around a lot!
Hi,
if I view source of a page with your plugin activated and I search for "joomla" word I find two occurrences.
One for "joomla-script-options" css class and one for "joomla.jtext" js method.
This is not very good for site security cause malware bot searching for cms name string in the page so It can apply correct exploit to hack the site.
Could you change this class and method name please?
The class "joomla-script-options" is Core Joomla - If you rename or remove it, many front-end functions will no longer work. joomla.jtext is Core Joomla front-end translations. If you rename or remove it, any javascript that displays text will not display any text.
Both things you've pointed out are Core Joomla output. I use it in my extensions, but I didn't create it.
Thanks, I've already secured my site with your suggests and others.
Sound strange you suggest to disable showing joomla version for security reasons while your plugin write joomla strings in the code.
I know now these classes are from joomla core, but my question is:
it's possible doing same things in a different way to avoid to show these unsafe line in page source?
For me this is very critical and I hope sincerely you could find a way to fix this.
My plugin does not write joomla strings in the output - Joomla does that. Any extension that uses JFactory::getDocument()->addScriptOptions() or JText::script() adds those strings - and many, many extensions do. Just using the Joomla login module adds a script option to enable the Joomla keepalive functionality.
There's nothing for me to fix, because it's in the Joomla core. It was discussed heavily at the time, and the decision was made to include those strings. It wasn't always this way - it happened sometime around Joomla 3.6.
