At the Ukrainian Web Challenge 2011 Web Developers Championship (http://uwc.org.ua/), where the MUK group of companies acted as a partner, web testers tested Yandex and Google systems for vulnerabilities, bugs and shortcomings.
According to the organizers of the championship, detected bugs affecting security will not be published, for obvious reasons. However, we would like to share non-critical finds with you right now.
So, here is what was found.
Google
When setting up an e-mail account in Google, if you enter a password in the corresponding field and then erase it, the password strength indicator is still visible near the field.
1. Open the Google account creation page.
2. In the password field, enter the value to display the complexity indicator.
3. Delete password: call the context menu and select "Cancel".
Expected result: the password strength level is not displayed. Actual result: the password strength level is still displayed.
The “Delete” item in the browser context menu does not work in the password field.
1. Open the Google account creation page.
2. Enter a value in the password field.
3. Highlight the entered value.
4. Call the context menu and select the “Delete” item.
Expected result: the field contents are deleted. Actual result: the contents of the field are not deleted.
The current CAPTCHA image (the picture with characters, designed to protect against robots) cannot be changed without reloading the page.
1. Go to the Google Email account password recovery page.
2. Enter your email address and click the "Send" button.
Expected result: it is possible to change the picture with the characters. Actual result: there is no button for changing one picture to another. This may cause inconvenience, since not every picture can be unambiguously recognized by the user.
The option “Show search results in a new window” does not work.
1. Open the Google search page.
2. Go to “Search Settings”.
3. Set the checkbox "Show search results in a new window."
4. Perform a search in the same tab or in a new one.
Expected result: search results are displayed in a new window. Actual result: the search results are displayed in the current window.
In Chrome 10, the outline of the “x” button, which clears the search query field, is not displayed in full.
1. Open the Google search page.
2. Enter the search phrase.
3. Click on the "x" button in the search box.
Expected result: the outline is displayed around the whole perimeter of the button. Actual result: the outline of the button is not fully displayed.
When exporting contacts to Outlook, we get an error of the form: “https://mail.google.com/mail/c/data/export?ExportType=ALL&out=OUTLOOK_CSV&tok=7utaci8BAAA.5XJRah4cFl_L6n7CEPTQdg.tBvED96aC_pFtp”
1. Log in to your Google email account.
2. In the settings, select the interface language "Ukrainian".
3. Go to the "Contacts" section.
4. Select "Dodatkovi dii - Eksportuvaty ...".
5. Select the type of export to Outlook format.
6. Execute export.
Expected result: correct export without errors. Actual result: the error appears for export to any format; only the “out” parameter in the link differs.
Google Translate
When you try to upload an incorrect file for translation, an error appears as shown in the figure below.
a. The page title “Translated version 1.jpg” is incorrect: it suggests that the file has been translated (see label 1 in the figure);
b. the word “Error” needs to be translated into Russian, since the subdomain is aimed at Russian-speaking users (see label 2 in the figure);
c. the phrase “Please select one of the options” implies that more than one option is offered. This contradicts the fact that only one link is given below it (see label 3 in the figure).
Yandex
The source code of Yandex pages does not contain html, head and body tags, which is incorrect.
When performing a test case, instead of the London subway map, the Moscow metro map is displayed.
1. Open the page yandex.ru.
2. Go to the "Maps" section.
3. Enter London in the search field and click "Find".
4. Go to the link "Metro scheme".
Expected result: the London metro map is displayed. Actual result: the Moscow metro map is displayed.
Service "My Finds"
When you switch to the My Finds service in the Ukrainian version of Yandex, you are redirected to the .ru domain with the Russian-language interface.
Yandex.Video service
The Yandex.Video service is poorly adapted to the “netbook resolution” of 1024x600: the layout is distorted to the point that the service becomes impossible to use.
Yandex.Money
On the Yandex.Money pages, the site footer gives the founding date of the Yandex company as 2002, while the main page of the site gives 2001. At first we assumed that 2002 was the year the Yandex.Money service was founded, but then what is "2007–2011 PS Yandex.Money"? This is misleading.
Main page:
Yandex.Money:
In the mobile version, the same story:
Resume export
When exporting a resume on the My Circle service, the web application does not handle Cyrillic correctly when the user's first and last names are in Cyrillic:
Not a mistake, but nice :)
Works without problems