[berbec]

For those to lazy to run base64 --decode, here's the result:

// Here's a cake if you thought about inspecting the code before executing it:

let css = 'font-size: 36px; font-weight: bold; color: red';

console.log("%cNEVER paste code you don't understand into the development console.", css); console.log("%cThis is the best way to compromise your account.", css);

[notpachet]

Wow, I had zero idea you could use string substitution for formatting console.log messages. (Although I guess if I'd stopped and thought about it, there had to be something enabling those big scary messages in the console for certain websites...)

[someguy7250]

> NEVER paste code you don't understand into the development console

Tech companies have long achieved security by simply locking people out of choices that they shouldn't make.

I'm suspecting that Google will soon lock people out of Chrome's developer tools unless they can prove they are a developer (with a certificate that's tied to the website they are debugging)

[_27qf]

> with a certificate that's tied to the website they are debugging

And they will tell us this is for our own security!

[memefrog]

Use Firefox!

[mythz]

> For those to lazy to run base64 --decode, here's the result:

Or just strip the eval and use JS's native base64 decoder:

atob(base64)

[SamuelAdams]

CyberChef has been my go to for a while for this sort of stuff. Easy to use GUI, can stack multiple commands fairly easily.

https://gchq.github.io/CyberChef/

[_joel]

"Don't cross the streams!", although I take your point...