But in the midst of sniffing out bad links, I came upon a very odd feature hidden in the HTML of one of my pages:
In the source, I see a large and odd looking block of code in a “hidden” tag called “data-preloaded”. It seems like a link to a bunch of different things, but honestly, it looks like link stuffing or something odd like that. Two questions:
What is the purpose of this block?
Is there any reason to be concerned about it, like if there would be sensitive information place in there?
Much like when I peek under the hood of my car, I see things that are quite complicated and sometimes messy, but not necessarily broken or nefarious. I’m curious all the same.
This block of data contains the “after-boot” information for the Discourse JS app. When you hard-reload a topic page, the block contains the information needed to render the topic, without contacting the server again.
It’ll show up on every Discourse page when you view source or hard refresh. If you’re navigating around by clicking, though, the block isn’t used and data is fetched dynamically from the server.
Note that not every page actually supports the preload block, so on those pages the content will be empty and a second request to fetch the real data for the page will be required. The important pages support it.
The contents are personalized to you while logged in, yes, but there shouldn’t be any sensitive information that you don’t already have access to.