Issue 810732 link

Starred by 2 users

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Feb 2018
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	----
Type:	Bug-Security
allpublic

Security: Google Doodle webpage renders JavaScript as plaintext

Reported by verma.sa...@gmail.com, Feb 9 2018

Issue description

Can see doodle code when the doodle is yet to be released,
For example, the 10th February doodle which is not yet released,

https://www.google.com/doodles/series/snowgames?id=71389797

The doodle doesn't load and the code can be seen.

However the code in minimized, but the logic can be retrieved from this.
Also it doesn't look good.

	googlebugscreenshot.png 222 KB View Download

googledoodlecode
9.8 KB View Download

Comment 1 by elawrence@chromium.org, Feb 9 2018

Status: WontFix (was: Unconfirmed)
Summary: Security: Google Doodle webpage renders JavaScript as plaintext (was: Security: Can see google code)

Display of JavaScript code does not represent a security bug in the browser. 

It's not clear why this page is behaving in this way, but it's not very likely to be a security bug in the site in question either. However, the proper place to report security issues in Google's sites and services is via their Vulnerability Reward Program; please see https://www.google.com/about/appsecurity/reward-program/

Project Member

Comment 2 by sheriffbot@chromium.org, May 18 2018

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 810732 link

Issue metadata

Security: Google Doodle webpage renders JavaScript as plaintext

Issue description

Comment 1 by elawrence@chromium.org, Feb 9 2018

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, May 18 2018

Comment 2 Deleted

Sign in to add a comment