If you ever open the developer console of Facebook so, you found that Facebook has written a message which alerts the user that do not attempt to run any malicious code if you doesn’t have an understanding of it.
It is quite a simple technique only and only needs 2 lines of JavaScript which can do this job for you.
/**
* Add the warning message in console to alert the user about XSS Attack.
*/
function domContentLoaded() {
"use strict";
setTimeout(console.log.bind(console, "\n%cStop!", "color:red;font-size:50px;font-weight:bold;text-shadow: 1px 1px 0px black, 1px -1px 0px black, -1px 1px 0px black, -1px -1px 0px black;"));
setTimeout(console.log.bind(console, "This is a browser feature intended for developers. If someone told you to copy and paste something here, it is a scam and will give them access to your %caccount", "color:red;", "etc. so avoid to do that if you are not a developer and doesn't have an understanding of what you are copy and pasting here."));
}
document.addEventListener("DOMContentLoaded", domContentLoaded);
This message will be shown once the page gets loaded and will not shows the line number and filename same as Facebook but if you like to show the line number and filename with the message then just use the code as mentioned below:
/**
* Add the warning message in console to alert the user about XSS Attack.
*/
function domContentLoaded() {
"use strict";
setTimeout(console.log("\n%cStop!", "color:red;font-size:50px;font-weight:bold;text-shadow: 1px 1px 0px black, 1px -1px 0px black, -1px 1px 0px black, -1px -1px 0px black;"));
setTimeout(console.log("This is a browser feature intended for developers. If someone told you to copy and paste something here, it is a scam and will give them access to your %caccount", "color:red;", "etc. so avoid to do that if you are not a developer and doesn't have an understanding of what you are copy and pasting here."));
}
document.addEventListener("DOMContentLoaded", domContentLoaded);