Disable the User's JavaScript Console

There are a few giant companies out there, namely Facebook and Netflix, that have decided to effectively disable a user's ability to execute JavaScript console commands. The decision was initially made by Facebook to prevent users from executing a specific set of commands which would expose user information via the JavaScript console (the message was sent to all Facebook users via a massive spam message). Of course this has been subject to loads of criticism, but before I weigh in, here's the code to do it:

// It appears Netflix is following Facebook's lead: https://news.ycombinator.com/item?id=7222129
(function() {
    try {
        // Keep a private reference to the real console object.
        var $_console$$ = console;
        Object.defineProperty(window, "console", {
            get: function() {
                // Throw whenever the console object carries _commandLineAPI.
                if ($_console$$._commandLineAPI)
                    throw "Sorry, for security reasons, the script console is deactivated on netflix.com";
                return $_console$$;
            },
            set: function($val$$) {
                $_console$$ = $val$$;
            }
        });
    } catch ($ignore$$) {
        // If the property cannot be redefined, leave the console as it is.
    }
})();

Not that my opinion matters much, but I actually think this practice is somewhat legit. From their perspective, if disabling the consoles helps to temporarily prevent an issue, you have to do it. In the long term, it's really not a good idea; they may become a target simply based on their effort to block people out. Regardless, this code seems to work, so if you want to prevent console executions, this will do it.
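An added example, not code from the original post or from Netflix or Facebook: the same getter trap installed on a stand-in object so it runs outside a browser, showing exactly when access to `console` is refused and when it is not. The names `installConsoleGuard`, `accessConsole` and `runDemo`, the stand-in window object, and the premise that the developer tools set `_commandLineAPI` on `console` only while evaluating typed input are assumptions.

```javascript
// Added example; all function names and the stand-in objects are hypothetical.
function installConsoleGuard(target, message) {
    var realConsole = target.console;
    Object.defineProperty(target, "console", {
        configurable: true,
        get: function () {
            // The post's check: refuse only while the marker property is present.
            if (realConsole._commandLineAPI) {
                throw message;
            }
            return realConsole;
        },
        set: function (val) {
            realConsole = val;
        }
    });
}

// Reads target.console the way any script would and reports the outcome.
function accessConsole(target) {
    try {
        return { blocked: false, value: target.console };
    } catch (reason) {
        return { blocked: true, reason: reason };
    }
}

function runDemo() {
    var message = "Sorry, for security reasons, the script console is deactivated";
    // Constructed stand-in for window; a real page would pass window itself.
    var fakeConsole = { log: function () {} };
    var fakeWindow = { console: fakeConsole };
    installConsoleGuard(fakeWindow, message);

    // 1. Ordinary page script: marker absent, console is returned untouched.
    var page = accessConsole(fakeWindow);
    // 2. Assumed developer-tools evaluation: marker present, access throws.
    fakeConsole._commandLineAPI = {};
    var tools = accessConsole(fakeWindow);
    // 3. Marker removed again, or never set by a given browser: guard is inert.
    delete fakeConsole._commandLineAPI;
    var later = accessConsole(fakeWindow);

    return { message: message, console: fakeConsole, page: page, tools: tools, later: later };
}
```

The third case is the practical caveat: the trap keys on one browser-internal property name, so it has no effect wherever that property is not set.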


Reposted from: https://my.oschina.net/thc/blog/214033
