控制台 禁用鼠标_禁用用户JavaScript控制台

控制台 禁用鼠标

There are a few giant companies out there, namely Facebook and Netflix, who have decided to effectively disable a user's ability to execute JavaScript console commands.  The decision was initially made by Facebook to prevent users from executing a specific set of commands which would expose user information via the JavaScript console (the message was sent to all Facebook users via a massive SPAM message).  Of course this has been subject to loads of criticism, but before I weigh in, here's the code to do it:

有几家巨头公司，分别是Facebook和Netflix，它们已经决定有效地禁用用户执行JavaScript控制台命令的功能。 Facebook最初的决定是阻止用户执行一组特定的命令，这些命令会通过JavaScript控制台公开用户信息(该消息通过大量的SPAM消息发送给所有Facebook用户)。 当然这受到了很多批评，但是在我权衡一下之前， 这里是执行此操作的代码 ：

// It appears Netflix is following (Facebook's lead)[https://news.ycombinator.com/item?id=7222129].

(function() {
    try {
        var $_console$$ = console;
        Object.defineProperty(window, "console", {
            get: function() {
                if ($_console$$._commandLineAPI)
                    throw "Sorry, for security reasons, the script console is deactivated on netflix.com";
                return $_console$$
            },
            set: function($val$$) {
                $_console$$ = $val$$
            }
        })
    } catch ($ignore$$) {
    }
})();

Not that my opinion matters much, but I actually think this practice somewhat legit.  From their perspective, if disabling the consoles helps to temporarily prevent an issue, you have to do it.  In the long term, it's really not a good idea; they may become a target simply based on their effort to block people out.  Regardless, this code seems to work so if you want to prevent console executions, this will do it.

我的观点并不重要，但我实际上认为这种做法有些合法。 从他们的角度来看，如果禁用控制台有助于暂时防止出现问题，则必须这样做。 从长远来看，这确实不是一个好主意。 仅仅基于他们的努力，人们就可能成为目标。 无论如何，此代码似乎都可以工作，因此如果您要阻止控制台执行，则可以这样做。

翻译自: https://davidwalsh.name/disable-console

控制台 禁用鼠标