DEV Community

Discussion on: Quick tutorial CSS tip: How to show source code the easy way

indieveed profile image

an editable block also allows attackers to include any JavaScript to steal credentials and override other scripts on your server

How does it work? I mean how is it different from just executing JS code in devtools console? Unless you save this edited scripts and serve them to other users you should be fine, shouldn't you?