[infthi]

and even worse: if you find a snippey of code online, once you read it carefully and you understand that it is safe to run - you might be lazy enough to copy it from the browser and paste it in the terminal. And it can be altered with JS before you copy it so you paste something different from what you have inspected. Of course you can use a buffer (say, a text editor) or even re-type that snippet yourself - but are you sure you'll never forget to do that?

[lucideer]

True. This can be tricky but generally:

- the copy-replace trick is harder to do if you use native copy (keyboard or mouse menu) & avoid "Copy" icons pages provide

- if it's such a long snippet that's too long to re-verify at a glance, maybe it's too long...

[kadoban]

> the copy-replace trick is harder to do if you use native copy (keyboard or mouse menu) & avoid "Copy" icons pages provide

Pretty sure that's not true. CSS allows you to choose both what's visible to the user, and also what's included in copy/paste. There's _some_ limitations on that, but it's flexible enough to have a lot of room to be extremely scary.

You can also have a lot of fun with fonts, something that looks like "cp a b" could actually, in text, be "rm a b"

[lucideer]

> Pretty sure that's not true.

> harder to do

You can do it via CSS trickery, or you can even do keyboard/mouse event detection and swap out via window.getSelection(), but both are much more involved & less reliable than via a button.

[kadoban]

My point was that it's still not very hard. Certainly not hard enough that you can avoid worrying about it if you just turn JS off.