Dev tools should not let us edit the source code & send request for any website(Prototype Pollution)

%3CLINGO-SUB%20id%3D%22lingo-sub-2004854%22%20slang%3D%22en-US%22%3EDev%20tools%20should%20not%20let%20us%20edit%20the%20source%20code%20%26amp%3B%20send%20request%20for%20any%20website(Prototype%20Pollution)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2004854%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20According%20to%20me%2C%20dev%20tools%20should%20not%20allow%20us%20to%20change%20the%20source%20code%20%26nbsp%3Band%20send%20request%20to%20just%20any%20website.%20It%20is%20a%20defect.%20This%20feature%20should%20be%20disabled.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BThe%20Dev%20tool%20should%20not%20allow%20us%20to%20edit%20the%20source%20code%20of%20any%20website%20because%20it%20causes%20prototype%20pollution.%20The%20person%20who%20uses%20the%20dev%20tool%20for%20any%20browser%20should%20be%20allowed%20to%20edit%20only%20the%20code%20of%20the%20website%20which%20he%2Fshe%20is%20developing.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BFor%20example%2C%20we%20can%20let%20the%20user%20edit%20code%20if%20the%20server%20is%20hosted%20locally%20while%20developing%20the%20website.%20Secondly%20we%20can%20use%20certificate%20key%20concepts%20where%20we%20can%20authorize%20a%20machine%20to%20edit%20the%20code%20for%20development%20purposes%20only.%20Other%20then%20that%20we%20should%20not%20allow%20the%20browser's%20user%20edit%20the%20code%20using%20dev%20tools%20to%20commit%20a%20cyber%20attack.%20%26nbsp%3BThis%20will%20make%20the%20code%20less%20vulnerable.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2004910%22%20slang%3D%22en-US%22%3ERe%3A%20Dev%20tools%20should%20not%20let%20us%20edit%20the%20source%20code%20%26amp%3B%20send%20request%20for%20any%20website(Prototype%20Po%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2004910%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F907608%22%20target%3D%22_blank%22%3E%40ganeshbonde%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20do%20realize%20that%20the%20dev%20tool%20only%20edits%20the%20resources%20loaded%20in%20your%20browser%2C%20right%3F%3CBR%20%2F%3E%3CSTRONG%3Eyou%20can't%20edit%20resources%20on%20the%20server%20with%20dev%20tools.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEdge%20browser%20detect%3F%20what!%3F%20%3CSTRONG%3Eevery%20browser%20has%20dev%20tools!%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethere%20is%20no%20source%20editing.%20%3CSTRONG%3Eweb%20servers%20are%20protected%20using%20security%20protocols.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20suggest%20you%20read%20and%20do%20research%20about%20Dev%20tools%2C%20web%20servers%20and%20security%20aspects%20of%20them.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi,

    According to me, dev tools should not allow us to change the source code  and send request to just any website. It is a defect. This feature should be disabled. 

   The Dev tool should not allow us to edit the source code of any website because it causes prototype pollution. The person who uses the dev tool for any browser should be allowed to edit only the code of the website which he/she is developing. 

   For example, we can let the user edit code if the server is hosted locally while developing the website. Secondly we can use certificate key concepts where we can authorize a machine to edit the code for development purposes only. Other then that we should not allow the browser's user edit the code using dev tools to commit a cyber attack.  This will make the code less vulnerable.

1 Reply

@ganeshbonde 

 

You do realize that the dev tool only edits the resources loaded in your browser, right?
you can't edit resources on the server with dev tools.

 

Edge browser defect? what!? every browser has dev tools!

 

there is no source editing. web servers are protected using security protocols.

 

I suggest you read and do research about Dev tools, web servers and security aspects of them.