
Disable the User's JavaScript Console - ritchiea
http://davidwalsh.name/disable-console
======
grimtrigger
I'm sad to see this become practice. Playing around the javascript console is
one of the "WOAH" moments I had when I was first learning to code.

I remember using the Facebook "Like Bomb" during an all nighter at the
library. It was a javascript snippet that would like everything on the page
and annoy all your friends. Back then, I didn't consider myself a coder, and
didn't think for a second I'd be doing this 4 years later.

I also remember being on gTalk with a friend and he was really annoyed by a
paywall he couldn't get around. It was nothing more than a popup modal, so I
sent him back a couple lines of javascript that got him through the paywall. I
felt like a wizard.

The JS console is like peeling back a layer of the web and seeing a whole new
world. Web pages stop being this thing you consume, and starts being something
you manipulate and break. Anyone with experience will be able to get around
this, but its sad that a lot of people might just shrug it off and not have
those same experiences.

------
the_ancient
I for one can not wait until EME expands beyond Video to include full
encryption of entire web pages so the web can be locked down behind DRM....
That will be fun for everyone

Netflix and Facebook will be the first to adopt it, the kind of thinking that
creates locking out the console will create the expansion of drm.

------
WhiteNoiz3
Couldn't you easily write a scriptlet (javascript: ....) to bring it back?

~~~
kaonashi
Aye: javascript:void(delete window.console)

~~~
UnoriginalGuy
That works perfectly for me on Netflix.

------
joesmo
I'd expect a bug fix for this soon. I don't see it as anything else.
Regardless, it's still security by obfuscation, which is hardly secure.

------
ritchiea
This definitely makes sense, as you can't open up the execution environment of
native programs and execute code there. Though it is disappointing.

~~~
zabraxias
Worth noting that this only works for Chrome. For what it's worth I don't
support the practice and think it will not help prevent "self-XSS" at all. The
idea of self-XSS being ridiculous to begin with.

~~~
Zikes
Apparently it's common enough on Facebook, and not that ridiculous to imagine.

It's just like the "delete system32 to make your computer go faster" trick.
For anyone on this site it's a laughably stupid prank, but you only know about
it because there are people out there ignorant enough to fall for it.

------
systematical
I'd imagine this is pretty easy to circumvent. Ready, set, go.

------
rgawdzik
Yes, put the security on the client-side. -_-

------
CmonDev
The hack-ssembly of the web.

