Dev Solve

English

中文
日本語

English

中文
日本語

Appearance

Related Posts

Downgrade to Chrome/Driver v114 (fragile)

Browsing-Topics Permissions-Policy Header Error

Resolving ChromeDriver Version Mismatch in Selenium

Re-enable Paste Protection in Chrome Developer Tools

Run this BEFORE launching your debugger:

Chrome DevTools Paste Protection: Solutions and Workarounds

Problem Statement

Recent Chrome updates have introduced a security feature that blocks pasting content directly into the DevTools console. When attempting to paste, users encounter a warning message preventing the action. This protection exists to prevent Self-XSS attacks—security vulnerabilities where attackers trick users into pasting malicious scripts. While essential for security, this restriction frustrates developers who frequently copy-paste legitimate code snippets.

Allow Pasting via Console Command

The official and recommended approach requires typing a specific command to temporarily disable the protection:

  1. Open Chrome DevTools (Ctrl+Shift+J/Cmd+Option+J)
  2. Type allow pasting
  3. Press Enter

Once executed, pasting remains enabled for the current DevTools session.

TIP

  • Localized versions: On non-English Chrome builds, the warning message displays the required local phrase:
    • German: Einfügen erlauben
    • Spanish: Permitir pegar
    • Japanese: 貼り付けを許可
  • Case sensitivity: Modern Chrome versions (mid-2024+) ignore case, but earlier builds required lowercase
  • Browser compatibility: Works in Chromium browsers and Firefox DevTools

Alternative Solutions

For advanced users managing test automation environments, Chrome can be launched with a flag disabling this protection entirely:

bash
chrome.exe --unsafely-disable-devtools-self-xss-warnings

Security Notice

Only use this flag in test automation environments. Disabling this protection exposes you to credential-stealing attacks if malicious scripts are pasted. Avoid everyday browsing with this flag.

Historical Workarounds (No Longer Valid)

Earlier solutions no longer function, but remain mentioned for context:

  • Experiment toggle removal: Chrome previously had a Show warning about Self-XSS when pasting code option in DevTools Settings ("Experiments" tab), but this was removed in 2024
  • Browser switching: Switching browsers is unnecessary since built-in solutions exist

Why Does Paste Protection Exist?

This mechanism combats "Self-XSS" social engineering attacks where attackers convince users to paste harmful scripts. Example warnings include:

"Don’t paste code into the DevTools Console that you don’t understand or haven’t reviewed yourself. This could allow attackers to steal your identity or take control of your computer. Type 'allow pasting' below to enable pasting."

Once bypassed, Chrome typically remembers your preference for subsequent sessions per origin.

Practical Example

When encountering this warning:

  1. Focus the DevTools console
  2. Type allow pasting
  3. Press Enter
  4. Paste code normally (Ctrl+V/Cmd+V)

Allow Pasting in Chrome DevTools

For automation scripts, use the --unsafely-disable-devtools-self-xss-warnings flag while ensuring scripts only execute in controlled environments.