cancelar
Mostrar resultados para
Busca en su lugar
Quisiste decir:
Highlighted

verizonwireless.com console.log() should be removed

Miembro

So it turns out Verizon left debug code intact on their website:

Screen Shot 2020-07-09 at 10.06.13 AM.png

When viewing the Login source code, we can see console.log is enabled for both username and password fields:

console.log("IDToken1"+$j(this).val());

console.log("IDToken1 else button"+$j(this).val());

There is one more username/password logging, unsure how to reach this one, but still should not be here:

console.log("IDToken1"+$j(this).val());

There is no reason to log this in production. It serves no purpose.

I also found this, but unsure as of yet what it's intended to log:

console.log("isOfferShortLivedPassword : "+isOfferShortLivedPassword +"isUserNameOnly : "+isUserNameOnly +" onestep : "+onestep);

But really, again, console.log is great in staging, but not production. 

Additionally, there are a ton of unhandled promises, and references to null variables. This really should be fixed.

0 Likes