DevTools can be detected using redefined nodeType getter
Reported by
kdzwinel@gmail.com,
Jan 7 2018
|
||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 Steps to reproduce the problem: 1. Go to http://jsbin.com/fedemuv/edit?html,js,output 2. Open DevTools 3. "status" will change to "on" What is the expected behavior? Ideally, DevTools shouldn't be detectable. What went wrong? Script reliably detects if DevTools are open even in undocked state. Did this work before? No Chrome version: 65.0.3314.0 Channel: canary OS Version: OS X 10.13.2 Flash Version: I know that this is a cat-and-mouse game, but this particular hack was supposedly fixed in https://crbug.com/795547 , unfortunately it looks like `obj.nodeType` had been overlooked. FYI some other ideas on how DevTools can be detected are discussed here: https://github.com/sindresorhus/devtools-detect/issues/15
,
Jan 8 2018
https://chromium-review.googlesource.com/c/v8/v8/+/854623 We are not going to fix all possible hacks right now, in ideal world it is possible to fix most ways of DevTools detecting but it is not of our top priority and mostly blocked on injected-script-source migration to native code: crbug.com/595206
,
Jan 8 2018
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/784e2f5e00c53f5abd57dc95865637f42bc7c77b commit 784e2f5e00c53f5abd57dc95865637f42bc7c77b Author: Alexey Kozyatinskiy <kozyatinskiy@chromium.org> Date: Mon Jan 08 23:53:15 2018 [inspector] little better injected-script-source We can call less getters on node objects. R=dgozman@chromium.org Bug: chromium:799791 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Iecfe76c2be6b6bed675013ac4aaa117b714d4ba5 Reviewed-on: https://chromium-review.googlesource.com/854623 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#50420} [modify] https://crrev.com/784e2f5e00c53f5abd57dc95865637f42bc7c77b/src/inspector/injected-script-source.js
,
Jan 9 2018
Fix will be available in one of the next Canary build.
,
Jan 9 2018
@kozy thank you for a quick response. I absolutely understand that it's not 100% fixable. |
||
►
Sign in to add a comment |
||
Comment 1 by eostroukhov@chromium.org
, Jan 8 2018Status: Assigned (was: Unconfirmed)