Think before you paste: DevTools warns against self-XSS risks
Adding a new "Allow pasting" dialog to defend against self-XSS attacks.
I’m Jecelyn Yeen, currently working on Chrome Tooling - Chrome DevTools, Puppeteer and more at Google. I tend to talk about web development, debugging & testing.
Prefer video over text? Head to the end for the video version.
Think before you paste! That unfamiliar code snippet could be a trap set by hackers. Don't let them use DevTools as a gateway to your sensitive data.
Beware of self-XSS attacks: Hackers might trick you into pasting malicious scripts into DevTools, potentially stealing your bank details or causing other harm.
New warning to the rescue: When you attempt to paste code in the Sources or Console panels, DevTools now displays a clear warning for new users.
Think twice, paste once: This one-time warning prompts you to confirm your understanding of the potential risks involved. To proceed, you need to deliberately type "allow pasting."
Stay vigilant and protect yourself: By taking a moment to verify the source and purpose of the code before pasting, you can safeguard your browsing experience and keep hackers at bay.
Learn more about this topic: developer.chrome.com/blog/self-xss