Google had an HTML injection bug... it’s now fixed. Before, you could access this URL and see a JavaScript alert (one you injected into the page, which can be abused for XSS, cross-site scripting). This security hole, as discussed on SecurityFocus, has been closed, possibly due to pointers sent to security@google.com. HTML injections are very common on many websites, but I was surprised to see this at Google.com.
>> More posts
Advertisement
This site unofficially covers Google™ and more with some rights reserved. Join our forum!