Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

How can I block a website from spamming the browser's web dev console?

more options

I've noticed that some websites will endlessly spam the console (in developer tools) with rubbish, and I would like to be able to block that from happening. I'm ignorant about this sort of stuff in general, and it confuses me how a website can even access my browser's console to begin with.

The latest example I came across which caused me to finally ask about it, was some strange JavaScript spam with some kind of < div > (had to edit this with spaces to show it in the post) structure containing over a thousand characters. This entire thing gets spammed in the console at a rate of a few every second. I recorded a short gif of it, which imgur seems to have converted into a video: https://i.imgur.com/dosMZjo.mp4

I've noticed that some websites will endlessly spam the console (in developer tools) with rubbish, and I would like to be able to block that from happening. I'm ignorant about this sort of stuff in general, and it confuses me how a website can even access my browser's console to begin with. The latest example I came across which caused me to finally ask about it, was some strange JavaScript spam with some kind of < div > ''(had to edit this with spaces to show it in the post)'' structure containing over a thousand characters. This entire thing gets spammed in the console at a rate of a few every second. I recorded a short gif of it, which imgur seems to have converted into a video: https://i.imgur.com/dosMZjo.mp4

Athraithe ag Flannery_Moore ar

Réiteach roghnaithe

Any script can output to the console log using

console.log('Whatever I want to put here...');

but it's difficult to think of what they might have been trying to achieve in that case when you aren't generating any events (for example, mousing around over the page, scrolling, expanding/closing elements, etc.).

I'm not aware of any built-in defense against this, but one possibility is to inject a script into the page that makes the console.log() function do nothing on that page. For example:

console.log=function(){}

Of course, you can run that in the console, but for more convenience, you can save the script as a "bookmarklet" (bookmark whose url starts with javascript:) on your toolbar or menu to quickly run the script in the context of the currently displayed page.

I posted one here as an example: https://www.jeffersonscher.com/res/sumomarklets.html#nolog

Read this answer in context 👍 1

All Replies (2)

more options

Réiteach Roghnaithe

Any script can output to the console log using

console.log('Whatever I want to put here...');

but it's difficult to think of what they might have been trying to achieve in that case when you aren't generating any events (for example, mousing around over the page, scrolling, expanding/closing elements, etc.).

I'm not aware of any built-in defense against this, but one possibility is to inject a script into the page that makes the console.log() function do nothing on that page. For example:

console.log=function(){}

Of course, you can run that in the console, but for more convenience, you can save the script as a "bookmarklet" (bookmark whose url starts with javascript:) on your toolbar or menu to quickly run the script in the context of the currently displayed page.

I posted one here as an example: https://www.jeffersonscher.com/res/sumomarklets.html#nolog

more options

jscher2000 - Support Volunteer said

Any script can output to the console log using console.log('Whatever I want to put here...'); but it's difficult to think of what they might have been trying to achieve in that case when you aren't generating any events (for example, mousing around over the page, scrolling, expanding/closing elements, etc.). I'm not aware of any built-in defense against this, but one possibility is to inject a script into the page that makes the console.log() function do nothing on that page. For example: console.log=function(){} Of course, you can run that in the console, but for more convenience, you can save the script as a "bookmarklet" (bookmark whose url starts with javascript:) on your toolbar or menu to quickly run the script in the context of the currently displayed page. I posted one here as an example: https://www.jeffersonscher.com/res/sumomarklets.html#nolog

Thank you for this. Just entering `console.log=function(){}` into the console whilst on the page stopped the spam entirely. In doing so, I also discovered what the purpose of that spam might be; at the top of the log is a large message which claims they are logging every action taken on the page. They claim that they're doing so to try and catch people who would copy the content of their site. Screenshot: https://i.imgur.com/scBsIUi.png

Regarding adding a bookmark, I believe I correctly did what you instructed and added `javascript:console.log=function(){}`. However clicking the bookmark causes the entire page to go blank with the raw text `function(){}` displayed. I assume this isn't intended, because it stops me from using the website lol. Did I misunderstand? Edit: It seems I did misunderstand. After adding `javascript:void(console.log=function(){})` instead, it worked as intended via bookmark.

Either way, you sucessfully answered my query and my issue is resolved. So again, thank you.

Athraithe ag Flannery_Moore ar