Several giant companies, namely Facebook and Netflix, decided to prohibit users from executing JavaScript commands in the console.
Originally this was started by Facebook to prevent malicious users from spreading messages by executing specific commands through the JavaScript console (sending a large amount of spam to all Facebook users).
Of course this gets a lot of flak, but before I got involved, the code they used looked like this:
// It seems that Netflix is the only one following Facebook’s lead [https://news.ycombinator.com/item?id=7222129].
(function() {
try {
var $_console$$ = console;
Object.defineProperty(window, "console", {
get: function() {
if ($_console$$._commandLineAPI )
throw "Sorry, for user safety, the console script function has been disabled on this website";
return $_console$$
},
set: function($val$$) {
$_console$$ = $val$$
}
})
} catch ($ignore$$) {
}
})();
Although I'm a soft-spoken person, I actually think this practice is legal. From their perspective, if temporarily disabling the console helps prevent a problem, then it has to be done.
But in the long run, this is really not a good idea; the goal might just be to block the target users who rely on them.
Anyway, if you want to prevent the console from executing scripts, this code seems to work well, and it is.