Facebook is trying to block the developer console in the Chrome browser

After launching Developer Tools in the Chrome browser on Facebook, some users receive a warning in capital letters: “Be careful! This browser feature is for developers only.”



With this message, Facebook wants to keep inexperienced users from executing code in the console.

Auto-completion is also blocked.



It used to be that the browser console could not be blocked from the server side, but Facebook is trying to do this. One of the Facebook developers explains that this is an experiment that is active for part of the Facebook audience. Self-XSS attacks have recently become frequent on Facebook: an attacker uses social engineering to convince Chrome users to run malicious code in the console. All the attacker needs is for the user to press a couple of hotkeys (Ctrl + Shift + J) and Enter.



As shown in the video, the victim carries out the XSS attack against themselves. To protect inexperienced users, Facebook also tries to intercept the launch of the console by redefining console._commandLineAPI with a getter that throws on access:

    // Any read of console._commandLineAPI now throws instead of returning the console helpers.
    Object.defineProperty(console, '_commandLineAPI',
       { get : function() { throw 'Nooo!' } });
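
Why the throwing getter stops console input, as an added example that is not from the original article or from Facebook's code. It assumes a simplified model in which the console reads console._commandLineAPI before evaluating typed input; makeConsole, devtoolsEval, blockConsole and demo are hypothetical names, and the pasted input is a constructed, harmless stand-in.

```javascript
// Simplified model (an assumption, not Chrome's source): before evaluating
// typed input, the console reads console._commandLineAPI to get its helpers.
function makeConsole() {
  return {
    _commandLineAPI: {
      $: (sel) => `element(${sel})`, // stand-in for the real $ helper
    },
  };
}

// Model of the console evaluator: read the helper object, then run the input.
function devtoolsEval(consoleObj, source) {
  try {
    const api = consoleObj._commandLineAPI; // a throwing getter fires here
    const names = Object.keys(api);
    const fn = new Function(...names, `return (${source});`);
    return { ran: true, value: fn(...names.map((n) => api[n])) };
  } catch (err) {
    return { ran: false, error: String(err) };
  }
}

// The mitigation from the article, applied to the model console object.
function blockConsole(consoleObj) {
  Object.defineProperty(consoleObj, '_commandLineAPI', {
    get() { throw 'Nooo!'; },
  });
}

function demo() {
  const pasted = '1 + 1'; // constructed, harmless stand-in for pasted code
  const open = makeConsole();
  const before = devtoolsEval(open, pasted); // evaluated normally
  const locked = makeConsole();
  blockConsole(locked);
  const after = devtoolsEval(locked, pasted); // aborted before evaluation
  // Page scripts never read _commandLineAPI, so they keep working.
  const pageScript = new Function('return 1 + 1;')();
  return { before, after, pageScript };
}

console.log(demo());
```

The protection lives entirely in page-controlled JavaScript and depends on the console reading that one property, so it only holds while the browser keeps that behaviour.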
