Title: Theme’s javascript exposing too much
Last modified: January 17, 2019

---

# Theme’s javascript exposing too much

 *  Resolved [marcing00](https://wordpress.org/support/users/marcing00/)
 * (@marcing00)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/themes-javascript-exposing-too-much/)
 * Good morning,
    I recently instaled this theme. What I discovered is that by looking
   at the page source, the theme includes some javascript which is exposing some
   information about life links which could be run by an attacker.
 * I’m wondering if there is a workaround to either hide this/improve the theme 
   or remove ?
 * Here is an example from my testing site:
 * ————————–
    <script type=’text/javascript’> /* <![CDATA[ */ var CZRParams = {“
   assetsPath”:”https:\/\/www.my.website.com\/wp-content\/themes\/customizr\/assets\/
   front\/”,”_disabled”:[],”centerSliderImg”:”1″,”isLightBoxEnabled”:”1″,”SmoothScroll”:{“
   Enabled”:true,”Options”:{“touchpadSupport”:false}},”isAnchorScrollEnabled”:””,”
   anchorSmoothScrollExclude”:{“simple”:[“[class*=edd]”,”.carousel-control”,”[data-
   toggle=\”modal\”]”,”[data-toggle=\”dropdown\”]”,”[data-toggle=\”czr-dropdown\”]”,”[
   data-toggle=\”tooltip\”]”,”[data-toggle=\”popover\”]”,”[data-toggle=\”collapse\”]”,”[
   data-toggle=\”czr-collapse\”]”,”[data-toggle=\”tab\”]”,”[data-toggle=\”pill\”]”,”[
   data-toggle=\”czr-pill\”]”,”[class*=upme]”,”[class*=um-]”],”deep”:{“classes”:[],”
   ids”:[]}},”timerOnScrollAllBrowsers”:”1″,”centerAllImg”:”1″,”HasComments”:””,”
   LoadModernizr”:”1″,”stickyHeader”:””,”extLinksStyle”:””,”extLinksTargetExt”:””,”
   extLinksSkipSelectors”:{“classes”:[“btn”,”button”],”ids”:[]},”dropcapEnabled”:””,”
   dropcapWhere”:{“post”:””,”page”:””},”dropcapMinWords”:””,”dropcapSkipSelectors”:{“
   tags”:[“IMG”,”IFRAME”,”H1″,”H2″,”H3″,”H4″,”H5″,”H6″,”BLOCKQUOTE”,”UL”,”OL”],”
   classes”:[“btn”],”id”:[]},”imgSmartLoadEnabled”:””,”imgSmartLoadOpts”:{“parentSelectors”:[“[
   class*=grid-container], .article-container”,”.__before_main_wrapper”,”.widget-
   front”,”.post-related-articles”,”.tc-singular-thumbnail-wrapper”],”opts”:{“excludeImg”:[“.
   tc-holder-img”]}},”imgSmartLoadsForSliders”:”1″,”pluginCompats”:[],”isWPMobile”:””,”
   menuStickyUserSettings”:{“desktop”:”stick_always”,”mobile”:”stick_always”},”adminAjaxUrl”:”
   https:\/\/www.my.website.com\/wp-admin\/admin-ajax.php”,”ajaxUrl”:”https:\/\/
   www.my.website.com\/?czrajax=1″,”frontNonce”:{“id”:”CZRFrontNonce”,”handle”:”
   72910f34e7″},”isDevMode”:””,”isModernStyle”:”1″,”i18n”:{“Permanently dismiss”:”
   Permanently dismiss”},”frontNotifications”:{“welcome”:{“enabled”:false,”content”:””,”
   dismissAction”:”dismiss_welcome_note_front”}}}; /* ]]> */ </script> ————————–
 * Marcing

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Theme Author [presscustomizr](https://wordpress.org/support/users/nikeo/)
 * (@nikeo)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/themes-javascript-exposing-too-much/#post-11100119)
 * Hello, the theme uses the WordPress built-in `wp_localize_script()` function 
   to add javascript variables on front. The values of those variables are then 
   used by the front javascript, typically to add effects or styling.
    The theme
   does not expose any critical or private data doing so. In your example, which
   type of “life links”, or critical data are you referring too ? Thanks
 *  Thread Starter [marcing00](https://wordpress.org/support/users/marcing00/)
 * (@marcing00)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/themes-javascript-exposing-too-much/#post-11108052)
 * You are right…
    I noticed some links and I thought that this might be because
   of the theme..
 * Example:
    ”https:\/\/www.my.website.com\/wp-admin\/admin-ajax.php”
 * Looks like it is more for wordpress in general..
    Probably topic is more for 
   WordPress itself…
 * Sorry for false alert related to the theme.. I love it anyway
 *  Theme Author [presscustomizr](https://wordpress.org/support/users/nikeo/)
 * (@nikeo)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/themes-javascript-exposing-too-much/#post-11108103)
 * OK no worries, this will help users having similar questions.
    the admin-ajax.
   php url is the end point of the [WordPress ajax API](https://codex.wordpress.org/Plugin_API/Action_Reference/wp_ajax_(action)).
   The url is the same for any WP website, there’s no problem to print it as JS 
   var on front.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Theme’s javascript exposing too much’ is closed to new replies.

 * ![](https://i0.wp.com/themes.svn.wordpress.org/customizr/4.4.24/screenshot.png)
 * Customizr
 * [Support Threads](https://wordpress.org/support/theme/customizr/)
 * [Active Topics](https://wordpress.org/support/theme/customizr/active/)
 * [Unresolved Topics](https://wordpress.org/support/theme/customizr/unresolved/)
 * [Reviews](https://wordpress.org/support/theme/customizr/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [presscustomizr](https://wordpress.org/support/users/nikeo/)
 * Last activity: [7 years, 4 months ago](https://wordpress.org/support/topic/themes-javascript-exposing-too-much/#post-11108103)
 * Status: resolved