Skip to main content
Accessibility Resource Center Skip to main content
Have a phone you love? Get up to $500 when you bring your phone.
Showing results for 
Search instead for 
Did you mean: console.log() should be removed

So it turns out Verizon left debug code intact on their website:

Screen Shot 2020-07-09 at 10.06.13 AM.png

When viewing the Login source code, we can see console.log is enabled for both username and password fields:


console.log("IDToken1 else button"+$j(this).val());

There is one more username/password logging, unsure how to reach this one, but still should not be here:


There is no reason to log this in production. It serves no purpose.

I also found this, but unsure as of yet what it's intended to log:

console.log("isOfferShortLivedPassword : "+isOfferShortLivedPassword +"isUserNameOnly : "+isUserNameOnly +" onestep : "+onestep);

But really, again, console.log is great in staging, but not production. 

Additionally, there are a ton of unhandled promises, and references to null variables. This really should be fixed.