A Website can build with simple HTML / CSS / Javascript. When you published, all source code can see with DevTools of Browser.
What is DevTools?
DevTools is a great tool in the hands of developers and designers for the need to making the development process more productive and debugging easy.
With the Inspect Element on Chrome, you have more power than the traditional web users:
- View and change the DOM
- View and style CSS
- Debug Javascript
- Watch network activity
- Show Local Storage, Session Storage,...
- Optimize website performance
- etc...
You can discover that the DevTools can be a serious boost to your productivity. But...
With great power comes great responsibility
— Tom Precious
Why need disable Devtools?
DevTools is powerful for Development, but is dangerous on production environment.
Anyone can see your source code, which means it's not secure. With DevTools, hacker easily inspect, edit, modify your code.
I was access to admin of website by change
is_admin
variable to true
Besides, he can see when your website get API (Application Programming Interface) and steal API_KEY or exploit information.
Solution
DevTools can't closed completely. But you can make it inaccessible. Launching DevTools in the following ways:
- Right-click -> Inspect
- Ctrl + Shift + I (DevTools shortcut)
- F12 (DevTools shortcut)
- Ctrl + Shift + J (Open the Console panel)
- Ctrl + Shift + C (Open the Elements panel)
- Ctrl + U (View Source-code)
// Disable right-click
document.addEventListener('contextmenu', (e) => e.preventDefault());
function ctrlShiftKey(e, keyCode) {
return e.ctrlKey && e.shiftKey && e.keyCode === keyCode.charCodeAt(0);
}
document.onkeydown = (e) => {
// Disable F12, Ctrl + Shift + I, Ctrl + Shift + J, Ctrl + U
if (
event.keyCode === 123 ||
ctrlShiftKey(e, 'I') ||
ctrlShiftKey(e, 'J') ||
ctrlShiftKey(e, 'C') ||
(e.ctrlKey && e.keyCode === 'U'.charCodeAt(0))
)
return false;
};
Check out from this Github code.
Top comments (8)
Neat trick,
Do you have any idea on how to prevent site access, if the user opens the devtools from navigation menu.
Check this website for reference:
mca.gov.in/content/mca/global/en/h...
here you go buddy.
disable-devtool
Just a side note, by default doesn't work on debug mode, works on release mode. Enjoy
hello can u show me the code to prevent site from navigation menu devtools click?
Just add this cdn on the page where you want to disable the dev-tools. Example if you have a master page then add on the master page.
Login -> MasterPage.
If you add to master page then if someone try to inspect then it will take them to login page.
It didn't allow me to paste the script directly, so I am doing like this:
<$cR!Pt disable-devtool-auto src='cdn.jsdelivr.net/npm/disable-devtool' ></$cR!Pt>
Just replace: $cR!Pt with -> script, on both opening and closing tags.
Since it is a cdn, you can copy and paste the url in your browser and then it will show you the code.
How to do that?
You can hack it by:
open DevTools -> goto your "protected" site.
Dev tool can be closed completely using Script.
Check this for reference:
How to Disable Developer Tools completely for your webpage?
you can hack this by pressing F12 on the keyboard... use the devtools.js ( devtools.isOpen) functionality to control and restrict access