I can't paste anything into the web console.

RESOLVED INVALID

Status

RESOLVED INVALID
5 years ago
6 months ago

People

(Reporter: juber, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0

Steps to reproduce:
    * I open up a new ff instance
    * inspect element on the start up page
    * click "Console"
    * highlight some text (i.e. "Thanks for choosing Firefox")
    * attempt to paste it into the console
    * I get the "Scam Warning:..." alert box.

I get why you would want to disable this behavior (Self XSS) but this seems a little bit too much and does interfere with legitimate web dev use cases.
I forget who was doing this anti self-XSS, CC'ing people that might have been.
So far the STR is the expected results. There could be a bug here, maybe the paste warning is unclear, maybe it didn't turn off properly, but "it's annoying" isn't a bug - it is unfortunately by design.

In this situation "it's annoying" is a direct result of the desired outcome which is "it made me think". People are generally annoyed when they're forced to think, but forcing people to think is the only way to prevent them from being scammed.

Happy to re-open if there are problems with wording or it not actually turning off, but not happy to re-open because you're annoyed. Sorry!
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INVALID
Joe: weren't eventually going to turn this off for Aurora and Nightly though? I agree that this feature should be in release, but Beta/Aurora/Nightly are harder sells for me.
(In reply to Jeff Griffiths (:canuckistani) from comment #3)
> Joe: weren't eventually going to turn this off for Aurora and Nightly
> though? I agree that this feature should be in release, but
> Beta/Aurora/Nightly are harder sells for me.

We were and I'd still like to, but I think we should iron this type of thing out on Nightly/Aurora first.

I'd be very nervous about having a feature that was only tested in the wild on Release. I think we need it on Beta at the very least.
(In reply to Joe Walker [:jwalker] from comment #4)
...
> I'd be very nervous about having a feature that was only tested in the wild
> on Release. I think we need it on Beta at the very least.

Exactly - *eventually*.
(Reporter)

Comment 6

5 years ago
Is there any way to expose the exact reasons why you can't paste when the spam warning comes up? The reasons :jwalker outlined in this bug (and on IRC) are all good reasons for why the no-paste feature was added. Maybe an <a> tag in the spam warning that links to a page that outlines the reasons?

Comment 7

3 years ago
>it's annoying

It prevents me from doing what I want to do. Firefox requires me to enter a ritual string instead of doing what it's expected to do. It not only wastes my time and humiliates me, in some cases it's not so easy to enter the required string because it's in some national language. Try to enter "разрешить вставку".

Moreover, entered string remains after unlocking the console. It makes me to feel like I was used and left alone to deal with consequences.

Comment 8

3 years ago
wtf guys ... this is beyond stupid.
Dev tools in FF is a disaster.

Updated

6 months ago
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.