Comment on Apple forgot to disable production source maps on the App Store web app
mudkip@lemdro.id 4 days ago
Not about client-side vs server-side. It’s unminified source code containing comments, links to internal tickets and private repositories. That’s the exact reason it’s meant to be stripped at build time, not because of FUD but because it’s a legitimate risk.
FreedomAdvocate@lemmy.net.au 4 days ago
You know you can un-minify code, don’t you? Minifying it doesn’t encrypt it. The links to internal tickets and private repositories would still be there even if they minify it.
Links to internal tickets and repos aren’t a security issue btw.
mudkip@lemdro.id 4 days ago
Minifying is a one-way process and once it’s done, you lose the names of all variables and functions. And no, they wouldn’t be present because comments are stripped.
bookmeat@lemmynsfw.com 4 days ago
No, this is food for exploit-searching AI. Private comments and tickets, etc. are what they use to leverage targeted attacks.
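A release check for what this thread is about, as an added example that is not part of any comment above: it looks for a `sourceMappingURL` reference in a built bundle and reports what the referenced map would disclose (embedded original sources, identifier names, comment lines, URLs). The function names and the sample bundle and map are constructed for illustration.

```javascript
// Constructed sample build output: a minified bundle and the map it points to.
const SAMPLE_BUNDLE = "function a(b){return b*2}\n//# sourceMappingURL=app.js.map\n";
const SAMPLE_MAP = JSON.stringify({
  version: 3,
  file: "app.js",
  sources: ["src/price.js"],
  names: ["doublePrice", "amount"],
  sourcesContent: [
    "// TODO: see https://tracker.example.invalid/TICKET-123\n" +
      "// temporary workaround\n" +
      "function doublePrice(amount) {\n  return amount * 2;\n}\n",
  ],
  mappings: "AAEA",
});

// Return the last sourceMappingURL reference in a built JS/CSS file, or null.
function findSourceMapRef(bundleText) {
  const re = /(?:\/\/|\/\*)[#@]\s*sourceMappingURL=([^\s*]+)/g;
  let match;
  let last = null;
  while ((match = re.exec(bundleText)) !== null) last = match[1];
  return last;
}

// Summarise what a source map would disclose if it were served publicly.
function auditSourceMap(mapJson) {
  const map = JSON.parse(mapJson);
  const report = {
    sources: (map.sources || []).length,
    names: (map.names || []).length, // original identifiers
    embedded: 0, // sources whose full original text is in the map
    commentLines: 0,
    urls: [],
  };
  for (const text of map.sourcesContent || []) {
    if (typeof text !== "string") continue; // null entries carry no content
    report.embedded++;
    for (const line of text.split("\n")) {
      if (/^\s*(\/\/|\/\*|\*)/.test(line)) report.commentLines++;
      report.urls.push(...(line.match(/https?:\/\/[^\s"')]+/g) || []));
    }
  }
  return report;
}

// Release gate: fail when a bundle references a map or a map embeds sources.
function shouldBlockRelease(bundleText, mapJson) {
  return findSourceMapRef(bundleText) !== null || auditSourceMap(mapJson).embedded > 0;
}
```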