1. 8
  1. 1

    that you need to enter some code in DevTools makes it a vulnerability that would be difficult to exploit in the wild.

    Some facts about me:

    • Habit of opening devtools from a random existing tab and using it as a scratchpad.
    • Habit of opening devtools when something looks funky/broken.
    • Likely to trust a console prompt that advertises calling some function without parameters to enable debug mode/tools
    • Tendency to use subdomains to host webUIs from untrusted services (e.g. a worldmap from sandboxed Minecraft instance (with mods of various origin))
    • Likely to use subdomains to host private services with sensitive information
    • Has similar friends who would use said services