Customers

Client Component

This component illustrates how data leakage can occur in Next.js.

Customer data was fetched straight from the repository with getCustomers() and injected into the JSX of the component. As a result, the secret field that was included in the Customer DB table was exposed to the browser.

You can confirm this by inspecting the HTML source of the page and searching for "secret".

To prevent this, always map the database response to DTOs that exclude sensitive fields before injecting the values into the JSX return value.
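The DTO mapping described above, as an added TypeScript example that is not this demo's own code; it uses an explicit allow-list and a check you can run over any outgoing payload. The field names, the sample rows, the body of getCustomers() and the helper names are assumptions, and JSON.stringify is a simplified stand-in for whatever ends up in the page source.

```typescript
// Row shape returned by the repository. Field names are assumptions; the
// page only states that the Customer table has a "secret" column.
type CustomerRow = { firstName: string; lastName: string; secret: string };

// DTO: the only fields the browser is allowed to receive.
type CustomerDTO = { firstName: string; lastName: string; fullName: string };

// Constructed sample data standing in for the database.
const SAMPLE_ROWS: CustomerRow[] = [
  { firstName: "Sazae", lastName: "Fuguta", secret: "constructed-secret-1" },
  { firstName: "Katsuo", lastName: "Isono", secret: "constructed-secret-2" },
];

// Stand-in for the page's getCustomers(): returns full rows, secret included.
function getCustomers(): CustomerRow[] {
  return SAMPLE_ROWS;
}

// Allow-list mapping: every DTO field is copied by name, so a column added
// to the table later is not forwarded unless it is added here on purpose.
function toCustomerDTO(row: CustomerRow): CustomerDTO {
  return {
    firstName: row.firstName,
    lastName: row.lastName,
    fullName: `${row.firstName} ${row.lastName}`,
  };
}

function getCustomerDTOs(): CustomerDTO[] {
  return getCustomers().map(toCustomerDTO);
}

// Simplified stand-in for the serialized data that reaches the browser.
function serializeForClient(value: unknown): string {
  return JSON.stringify(value);
}

// Regression check: list sensitive key names found anywhere in a payload.
function findSensitiveKeys(value: unknown, deny: string[] = ["secret"]): string[] {
  if (value === null || typeof value !== "object") return [];
  const obj = value as Record<string, unknown>;
  let hits: string[] = [];
  for (const key of Object.keys(obj)) {
    if (deny.indexOf(key) !== -1) hits.push(key);
    hits = hits.concat(findSensitiveKeys(obj[key], deny));
  }
  return hits;
}
```

Running findSensitiveKeys over the value handed to the component in a unit test catches a raw row slipping through before it reaches the page source.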

First Name  Last Name  Full Name
Sazae       Fuguta     Sazae Fuguta
Katsuo      Isono      Katsuo Isono