281fbc973e
refs https://github.com/TryGhost/Product/issues/4088 The Content API should not expose the lexical/mobiledoc source content because it's not membership-gated and although not used at the present time may in future contain additional internal metadata. We were handling this for the more-typical `?formats` param but it was still possible to access this data using the `?fields` param. - updated post mapper used in our API output serializers to strip the `mobiledoc` and `lexical` fields ready for API output - credits to Prathap Puthran for reporting |
||
|---|---|---|
| .. | ||
| content | ||
| core | ||
| test | ||
| .c8rc.e2e.json | ||
| .c8rc.json | ||
| .eslintignore | ||
| .eslintrc.js | ||
| .npmignore | ||
| config.development.json | ||
| ghost.js | ||
| index.js | ||
| jsconfig.json | ||
| loggingrc.js | ||
| MigratorConfig.js | ||
| newrelic.js | ||
| package.json | ||
| playwright.config.js | ||