disable-devtool
disable-devtool copied to clipboard
theajack
You are making the world a worse place
@Mubelotix So please tell me why content producers cannot take some measures to try to protect their labor results.
@Mubelotix So please tell me why content producers cannot take some measures to try to protect their labor results.
If you need clientside protection then I have very bad news for you: this will never be effective. I bet that websites relying on this are extremely insecure due to the false sense of security their developers might feel. Anyone that has the technical skills to attack your website has the technical skills to disable this tool in like, 15 seconds max. This is just annoying
I know there is no way to protect the client. So what I said is to try to protect it. In addition, if the website owner doesn't want you to see his stuff, why do you want to see it? @Mubelotix
If you need clientside protection then I have very bad news for you: this will never be effective.
Yes, using it for client-side protection is not very smart, but why shouldn't we use it? It makes our users harder to get scammed by putting unknown javascript into their client
unknown javascript into their client
Firefox requires typing allow paste, but not all browsers provide similar protections, so I can see why it's kinda reasonable to block dev-tools. I wish it wasn't a perma-block, but rather a soft conditional-block that the user can easily (but willingly) unlock
Yeah sure as if this tool was used for "security". If it wasn't made to be a pain in the ass it would also support easy disabling for power users. Every single website I have seen using this was illegal and probably used it to protect themselves from law-enforcement and competitors. Great.
It would be useful for online quiz kind of apps where students think they are smart will open dev-tools and inspect.
It would be useful for online quiz kind of apps where students think they are smart will open dev-tools and inspect.
No it's not. A quiz app needs to perform checks on the server. Answers should never be sent to clients
quiz app needs to perform checks on the server
For serious grading, yes! because the client is proving knowledge to the server.
For a non-serious quiz or a self-grading tool, it's better client-side. I'm not saying that justifies use of disable-devtool, that's beside(s) the point
Edit: Since a few months ago, I can no longer reply to this thread...
It would be useful for online quiz kind of apps where students think they are smart will open dev-tools and inspect.
No it's not. A quiz app needs to perform checks on the server. Answers should never be sent to clients
Right as you said, but they can check what are the server fields that arrive through the api request using Network resource tab.
Most developers will get all fields and show only certain field data in the UI. using this method, we can able to see the full fields of that api. It helps me.,
Most people who come here to blame this package are developers who failed to bypass it to do or steal something. š
So, Iām not surprised to see those people here. š
>cites "Most people" >doesn't provide sources
uh-huh...your bootlicking+condescending way of writing suggests to me you wouldn't succeed either, but what do I know, I'm clearly one of those devs. š¤Ŗ
if the website owner doesn't want you to see his stuff, why do you want to see it?
To answer this silly deflection, I was trying to copy some non-selectable text in a dropdown menu so I could have it translated and the easy way is to just grab the text from the source. But no, the site had to make it annoying. You make it sound like all attempts are nefarious.
The "developer bypass" feature is usable by anyone, and I just used it for that site I alluded to above (no, the key was not a[^0]), so for legitimate, well-meaning sites at best this is giving junior Chinese devs a misconception that this is protecting the content of their hobby websites when it really does not.
p.s. don't be alarmed if this disappears eventually, I'm just blowing off steam.
[^0]: it was yuyuko, if the dev of that site ever reads this. you might as well remove it.
The open web is a really beautiful thing; this kind of project undermines it.
To the point that the library authors made in this thread, this type of tool won't stop people who want to violate a license, but it will stop many people who:
- Want to understand how a website works
- Want to look into odd behavior
- Want to debug or correct a poor user experience
- Have some kind of accessibility need that wasn't accounted for by the website's creator
All this is to say, my overall conclusion is... bummer man, what an unfortunate way to decide to spend your time and talent.
open dev console > network tab, reload the closed page while spamming F8. eventually you'll stop the script from loading.
how to bypass: open ublock origin ||cdn.jsdelivr.net/npm/disable-devtool$script ||cdn.jsdelivr.net/npm/devtools-detector$script,3p
enjoy
For apps that bundle the library, see https://gist.github.com/aravindanve/3e13d995fac35e4a07c236b11cc432c7#bypass-bundled-script
@devicemodder Beat me to it. I just found out about this little script on a website. Typically I just leave devtools open, even when it's not in use, took me about 20 seconds to figure out what the hell was going on and block the script. Also doesn't help the fact that the script is called disable-devtool and isn't mixed in with anything else with how its application was used. Ray Charles could have found that. Popped right up in my network list.
And there's no use in adding anymore about this topic, @slifty said it perfectly.
In my case the site I tried to open Dev Tools in kept refreshing itself when it detected they were open. Disabling JavaScript did prevent this but it also caused some elements I was interested in to not load. I use Brave browser and what I did to barely work around this is: open Dev Tools, go to the Sources tab, click "stop script execution" (looks like a pause button) and then spam the "step out of current function" button (looks like an upward arrow) until the elements I was interested in loaded and I was able to look at them through the Elements tab. This of course means that the page is frozen and you can't interact with it as long as the script execution is paused but it worked out for my purpose.
