Two things we've learned: Google is quick about patching security flaws; we can expect that as Google increases its dominance on the Web, it will become a bigger target for hackers.
Dutiful experts reported this week that a cross-site scripting (XSS) vulnerability could allow malicious hackers to access services associated with Google Accounts. Reluctant to reveal the details of the security hole, these investigators alerted Google to the HTML issue, which Google promptly corrected.
Google said it received no reports of any compromised accounts, but as David Utter wrote yesterday, this a hit to the online giant's trust bank. Users, perhaps more than Google, dislike reading advice telling them to log out of their accounts when surfing the Web or risk having their accounts hi-jacked.
But it could have been nastier than hackers screwing around with Google Documents and Spreadsheets, or Gmail accounts.
Found an error or have a suggestion? Let us know and we'll review it.
 {
function initCopyableSections() {
document.querySelectorAll('.article-content .copyable-section').forEach(function(section) {
if (section.querySelector('.copyable-section__btn')) return;
var btn = document.createElement('button');
btn.type = 'button';
btn.className = 'copyable-section__btn';
btn.setAttribute('aria-label', 'Copy to clipboard');
var label = section.getAttribute('data-copy-label');
btn.textContent = label ? 'Copy ' + label : 'Copy';
section.appendChild(btn);
btn.addEventListener('click', function() {
var contentEl = section.querySelector('.copyable-section__content');
var text;
if (contentEl) {
text = contentEl.textContent.trim();
} else {
var clone = section.cloneNode(true);
var btnClone = clone.querySelector('.copyable-section__btn');
if (btnClone) btnClone.parentNode.removeChild(btnClone);
text = clone.textContent.trim();
}
if (!text) return;
navigator.clipboard.writeText(text).then(function() {
var t = btn.textContent;
btn.textContent = 'Copied!';
btn.classList.add('copied');
setTimeout(function() {
btn.textContent = t;
btn.classList.remove('copied');
}, 2000);
});
});
});
}
if (document.readyState === 'loading') {
document.addEventListener('DOMContentLoaded', initCopyableSections);
} else {
initCopyableSections();
}
})();
</script>
<!-- Tags -->
<!-- Correction Form -->
<div class=)
Suggest a Correction
Google XSS Flaw Patched
0 views
Comments (0)
Please sign in to leave a comment.
No comments yet. Be the first to comment!