Facebook is supposed to use code similar to the one link for disable and place a warning to your users. Since the above link code seems to be in half.
Elements
and Sources
. Facebook is supposed to use code similar to the one link for disable and place a warning to your users. Since the above link code seems to be in half.
Elements
and Sources
. In fact, developer tools are not disabled, but Facebook discourages them from doing anything there, as many lay users do not know what it is.
They started to display this message because of malicious users who instruct people to execute code in their browsers and potentially potentially steal user data.
I've searched here, and the code that displays the message is relatively simple:
var i = "Stop!",
j = "This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.";
if ((window.chrome || window.safari)) {
var l = 'font-family:helvetica; font-size:20px;';
[
[i, l + 'font-size:50px; font-weight:bold; ' + 'color:red; -webkit-text-stroke:1px black;'],
[j, l],
['', '']
].map(function(r) {
setTimeout(console.log.bind(console, '\n%c' + r[0], r[1]));
});
}
Basically, what the above code does is display a message in the console when it is detected that it has been opened.
There is no way to disable, just display a message on the console that seems to be disabled.
<script type="text/javascript">
Object.defineProperty(window, "console", {
value: console,
writable: false,
configurable: false
});
var i = 0;
function showWarningAndThrow() {
if (!i) {
setTimeout(function () {
console.log("%cWarning message", "font: 2em sans-serif; color: yellow; background-color: red;");
}, 1);
i = 1;
}
throw "Console is disabled";
}
var l, n = {
set: function (o) {
l = o;
},
get: function () {
showWarningAndThrow();
return l;
}
};
Object.defineProperty(console, "_commandLineAPI", n);
Object.defineProperty(console, "__commandLineAPI", n);
showWarningAndThrow();
</script>
Source: this question
Chrome wraps around the console code in:
with ((console && console._commandLineAPI) || {}) {
<code goes here>
}
... So the site redefines console._commandLineAPI with:
Object.defineProperty(console, '_commandLineAPI',
{ get : function() { throw 'Nããão!' } })
Any questions, play with it:
function escape(s) {
Object.defineProperty(console, 'foo',
{ get : function() { throw 'Nãão!' } });
var code = 'with((window.console && console.foo) || {}) {\n\t'+s+'\n}';
console.log(code);
try {
console.log(eval(code));
} catch (e) {
console.log(e);
}
}