
Self-XSS Warning - Do NOT paste things into your browser's console!

Hey folks! 

It was brought to our attention that Cohost does not currently print any kind of warning into the browser console when you open it. We all agree that this is something we want to add, but we can't toss it in there quite yet due to the raw noise currently getting thrown into the console. I'm putting this into the Feature Request forum just so people know we're aware of it and plan on adding it.

What are you talking about?

Your browser has a developer console, full of useful tools for developers, designers, and debugging! Unfortunately, those very same tools can be used for evil; it's not uncommon for bad actors to try and trick you into pasting some kind of malicious code there. This is called a self-XSS attack.

Under no circumstances should you ever paste anything into the developer console, no matter what anyone tells you. There are no secret features or eggbugs. Cohost staff will never ask you to paste anything there. If you do not perfectly understand what you are doing with your own knowledge and skills, leave right away. 

If you are a cool developer trying to do cool things with Cohost, please don't tell users to paste stuff into the console, even if it's not actually malicious. You can Do Your Part in helping make sure everyone stays safe!

shoutout to Malnormalulo for bringing this to our attention.

thanks everyone!


26 people like this idea

it is preferred that you put all xss attacks inside your posts
