Sunday, August 19, 2012

The Bug Which Wasn't A Bug

Dear members and guests of InterN0T,

Today it's a little bit over 7 months since I reported a bug to Google, and for old times' sake, I wanted to try out the proof of concept. Primarily because I like seeing "old" bugs I found not getting fixed, as they make me laugh.

Of course the purpose of reporting a bug is hoping they do get fixed, but as Google deemed this a non-bug in January 2012 I thought they would never encode apostrophes, and therefore be ignorant of the potential threat this minor bug in encoding could pose.

Apparently they fixed this bug within the last 3 months or so, meaning they apparently did deem it as a bug, but where am I on the Hall of Fame? I don't care about the monetary reward, but I do care about credit. Back in January 2012, Google only encoded quotes (") and angle brackets (<, >), but now they also encode apostrophes ('), meaning they definitely fixed the bug / updated their sanitisation function.

This naturally makes me annoyed to see Google acting this way, first saying it's not a bug, then fixing it a couple of months later without any notification. Next time I find a bug I probably won't be so kind to inform them first. Instead I will probably drop it as a 0day, as a reminder of giving credit where it should be given.

I know this is a dead blog, used primarily for emergency purposes only if InterN0T is down, but posting an entry here about this bug will probably get more attention from Google than if I post it on InterN0T.

Best regards,