1. 54
  1.  

  2. 6

    This is very pleasing.

    Unfortunately, it’s also a bug in “inspect” (for me, Developer Tools in FF). Because I don’t want random web pages knowing whether or not I’m using dev tools, right? (I don’t want a cryptominer page to delete itself when I open dev tools.)

    Yep, detecting dev tools is a thing, according to StackOverflow and Github. From the discussion, it appears that browser vendors consider this a hole and try to close it, but there is an arms race.

    1. 3

      While that seems like a valid concern, it looks like the page doesn’t detect whether your dev tools are open.

      1. 2

        I’m no JS expert! I tried to play the game “blind” without the dev tools open (just click the snake and start using the arrow keys) and the game didn’t start.

        1. 1
          1. close all snake tabs
          2. open a new tab (about:blank) and inspect that. Pop dev tools out into a standalone window.
          3. visit the snake in that tab.
          4. try clicking it. For me, the game does NOT start.
          5. click into the dev tools window. Click back onto the snake.
          6. game starts.
          1. 6

            You can see in the source that it just looks for window blur. I did your steps above but instead of 5 just clicked on a another window, then the game played.

            window.addEventListener('blur', () => {
                document.getElementsByTagName('style')[0].innerHTML += 'div:first-of-type {cursor: pointer;}';
                snakeElement.addEventListener('click', startGame);
            });
            
            1. 1

              Ah, I missed the on-blur when I looked at the source! Good catch.

      2. 1

        In my opinion is should be a thing, but like with the notifications API, it should pop up a notification of the like “this website is detecting your using developer tools, is that okay?” Not that I can actually think of a valid reason beyond being part of cheat detection in the eLearning that I work on.

      3. 2

        Try the same on https://Samy.pl - much harder :-)

        1. 1

          Haha, that’s good. But it quickly falls to view-source:https://samy.pl/ (for the initial load) or selecting the web inspector from tools (for the live page).

          I’m surprised the page can capture F12 and C-u when I have the address bar in focus, though.

          1. 1

            Oh, no I didn’t. :-) Did you try clicking the source of the JS file linked from view-source:https://samy.pl/ ? ;-) It goes on and on.

            1. 1

              Yeah, I love the whitespace binary. The anti-devtools stuff is newer, though.

        2. 1

          If only I needed more proof that browsers are sick…

          But nice hack! :D

          I had some problems in the beginning, as I’m using a javascript-less firefox.