I used to be able to type javascript in the address bar like this: javascript:alert();. It doesn't work anymore. Does anyone know why?
Asked
Active
Viewed 28 times
1
-
Probably because too many people got tricked into executing malicious code this way. – CBroe Sep 30 '22 at 13:39
-
1People were being given "secret hacks" to put in their address bar that would "enable awesome Facebook features" and actually send their login cookies off to an attacker. Too widely abused, and now you've got the developer console for this. – ceejayoz Sep 30 '22 at 13:40
-
I tried in Chrome Version 105.0.5195.127 (Official Build) (64-bit) and it works. Just need to type `javascript:` manually. – Dimitris Maragkos Sep 30 '22 at 13:41
-
Does not work in Firefox v106.0b3 – evolutionxbox Sep 30 '22 at 13:43
-
2(Attack is known as Self-XSS; https://en.wikipedia.org/wiki/Self-XSS) Chrome's disabling: https://bugs.chromium.org/p/chromium/issues/detail?id=82181; Firefox's: https://bugzilla.mozilla.org/show_bug.cgi?id=656433 – ceejayoz Sep 30 '22 at 13:49