MicrosoftDocs
diff --git a/‎microsoft-edge/devtools-guide-chromium/console/console-javascript-images/console-self-xss-warning.png‎
46.6 KB b/‎microsoft-edge/devtools-guide-chromium/console/console-javascript-images/console-self-xss-warning.png‎
46.6 KB
diff --git a/‎microsoft-edge/devtools-guide-chromium/console/console-javascript.md‎
Lines changed: 68 additions & 4 deletions b/‎microsoft-edge/devtools-guide-chromium/console/console-javascript.md‎
Lines changed: 68 additions & 4 deletions
diff --git a/‎microsoft-edge/devtools-guide-chromium/javascript/snippets-images/sources-self-xss-warning.png‎
52.6 KB b/‎microsoft-edge/devtools-guide-chromium/javascript/snippets-images/sources-self-xss-warning.png‎
52.6 KB
diff --git a/‎microsoft-edge/devtools-guide-chromium/javascript/snippets.md‎
Lines changed: 84 additions & 5 deletions b/‎microsoft-edge/devtools-guide-chromium/javascript/snippets.md‎
Lines changed: 84 additions & 5 deletions
@@ -6,11 +6,11 @@ ms.author: msedgedevrel
 ms.topic: conceptual
 ms.service: microsoft-edge
 ms.subservice: devtools
-ms.date: 07/12/2023
+ms.date: 06/06/2025
 ---
 # Run JavaScript in the Console
 
-You can enter any JavaScript expression, statement, or code snippet in the **Console**, and it runs immediately and interactively as you type.  This is possible because the **Console** tool in DevTools is a [REPL](https://wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop) environment.  _REPL_ stands for Read, Evaluate, Print, and Loop.
+You can enter any JavaScript expression, statement, or code snippet in the **Console**, and it runs immediately and interactively as you type.  This is possible because the **Console** tool in DevTools is a [Read–eval–print loop (REPL)](https://wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop) environment.
 
 The **Console**:
 1. Reads the JavaScript that you type into it.
@@ -65,15 +65,17 @@ As with many other command-line environments, a history of the commands that you
 
 Similarly, autocompletion keeps a history of the commands you previously typed.  You can type the first few letters of earlier commands, and your previous choices appear in a text box.
 
-Also, the **Console** also offers quite a few [utility methods](utilities.md) that make your life easier.  For example, `$_` always contains the result of the last expression you ran in the **Console**.
+Also, the **Console** also offers quite a few utility methods that make your life easier.  For example, `$_` always contains the result of the last expression you ran in the **Console**.  See [Console tool utility functions and selectors](./utilities.md).
 
 ![The $_ expression in the Console always contains the last result](./console-javascript-images/console-history.png)
 
 
 <!-- ====================================================================== -->
 ## Multiline edits
 
-By default, the **Console** only gives you one line to write your JavaScript expression.  You code runs when you press **Enter**. The one line limitation may frustrate you.  To work around the 1-line limitation, press **Shift+Enter** instead of **Enter**.  In the following example, the value displayed is the result of all the lines (statements) run in order:
+By default, the **Console** only gives you one line to write your JavaScript expression.  You code runs when you press **Enter**.  To work around the 1-line limitation, press **Shift+Enter** instead of **Enter**.
+
+In the following example, the value displayed is the result of all the lines (statements) run in order:
 
 ![Press Shift+Enter to write several lines of JavaScript.  The resulting value is output](./console-javascript-images/multiline.png)
 
@@ -82,6 +84,50 @@ If you start a multi-line statement in the **Console**, the code block is automa
 ![The Console recognizes multiline expressions using curly braces and indents](./console-javascript-images/automatic-lineindent.png)
 
 
+<!-- ====================================================================== -->
+## Allow pasting into the Console
+
+When you first try to paste content into the **Console** tool, instead of pasting, a message is displayed: "Warning: Don't paste code into the DevTools Console that you don't understand or haven't reviewed yourself. This could allow attackers to steal your identity or take control of your computer. Please type 'allow pasting' below and press Enter to allow pasting."
+
+![Console displaying the self-XSS warning](./console-javascript-images/console-self-xss-warning.png)
+
+This warning helps prevent self cross-site scripting attacks (self-XSS) on end-users.  To paste code, first type **allow pasting** in the **Console**, and then press **Enter**.  Then paste the content.  Or, start Edge with the flag below.
+
+Pasting into the **Sources** tool's snippet editor is similar; see [Allow pasting into the Snippet editor](../javascript/snippets.md#allow-pasting-into-the-snippet-editor) in _Run snippets of JavaScript on any webpage_.
+
+
+<!-- ------------------------------ -->
+#### Disable self-XSS warnings by starting Edge with a command-line flag
+
+To prevent the above warnings and immediately allow pasting into the **Console** tool and the **Sources** tool's snippet editor, such as for automated testing, start Microsoft Edge from the command line, using the following flag: `--unsafely-disable-devtools-self-xss-warnings`.  The flag applies to a single session of Microsoft Edge.
+
+For example, on Windows:
+
+Edge Stable:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+Edge Beta:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge Beta\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+Edge Dev:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge Dev\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+Edge Canary:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+
 <!-- ====================================================================== -->
 ## Network requests using top-level await()
 
@@ -120,3 +166,21 @@ To get the last 50 issues that were filed on the [Microsoft Edge Developer Tools
    ```
 
 The **Console** is a great way to practice JavaScript and to do some quick calculations.  The real power is the fact that you have access to the [window](https://developer.mozilla.org/docs/Web/API/Window) object.  See [Interact with the DOM using the Console](console-dom-interaction.md).
+
+
+<!-- ====================================================================== -->
+## See also
+<!-- all links in article -->
+
+* [Interact with the DOM using the Console](console-dom-interaction.md)
+* [Console tool utility functions and selectors](./utilities.md)
+
+GitHub:
+* [ECMAScript proposal: Top-level `await`](https://github.com/tc39/proposal-top-level-await)
+* [Microsoft Edge Developer Tools for Visual Studio Code](https://github.com/microsoft/vscode-edge-devtools)
+
+MDN:
+* [Window](https://developer.mozilla.org/docs/Web/API/Window) object.
+
+Wikipedia:
+* [Read–eval–print loop (REPL)](https://wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop)
@@ -22,6 +22,7 @@ ms.date: 10/17/2023
    See the License for the specific language governing permissions and
    limitations under the License.  -->
 # Run snippets of JavaScript on any webpage
+<!-- https://developer.chrome.com/docs/devtools/javascript/snippets/ -->
 
 If you're entering the same code into the **Console** tool repeatedly, consider saving the code as a snippet instead, and then running the snippet.  Snippets are scripts that you author in the **Sources** tool.  Snippets have access to the JavaScript context of the webpage, and you can run snippets on any webpage.  Snippets can be used to alter a webpage, such as to change its content or appearance, or to extract data.
 
@@ -50,13 +51,17 @@ The code changes the background color of the webpage to dimgrey, adds a new line
 
 When you run a snippet on a webpage, the snippet's source code is added to the current webpage. For more information about changing the existing code of a webpage instead of adding new code, see [Override webpage resources with local copies (Overrides tab)](./overrides.md).
 
+
+<!-- ------------------------------ -->
 #### Include all your code in one file
+<!-- not upstream -->
 
 The security settings of most webpages block from loading other scripts in snippets. For this reason, you must include all your code in one file.
 
 
 <!-- ====================================================================== -->
 ## Open the Snippets tab
+<!-- Open the Snippets pane  https://developer.chrome.com/docs/devtools/javascript/snippets/#open -->
 
 The **Snippets** tab is grouped with the **Page** tab in the **Navigator** pane, on the left of the **Sources** tool.
 
@@ -71,7 +76,9 @@ To open the **Snippets** tab:
 1. In the **Navigator** pane (on the left), select the **Snippets** tab.  To access the **Snippets** option, you might need to click the **More tabs** (![More tabs](./snippets-images/more-tabs-icon.png)) button.
 
 
+<!-- ------------------------------ -->
 #### Open the Snippets tab from the Command Menu
+<!-- no separate heading upstream -->
 
 You can also open the **Snippets** tab by using the **Command Menu**:
 
@@ -85,7 +92,17 @@ You can also open the **Snippets** tab by using the **Command Menu**:
 
 
 <!-- ====================================================================== -->
-## Create a new snippet
+## Create a snippet
+<!-- Create snippets  https://developer.chrome.com/docs/devtools/javascript/snippets/#create -->
+
+You can create a snippet from within the **Snippets** tool, or by running the **Create new snippet** command from the **Command Menu** anywhere in DevTools.
+
+The **Snippets** pane sorts your snippets in alphabetical order.
+
+
+<!-- ------------------------------ -->
+#### Create a snippet in the Sources tool
+<!-- Create a snippet in the Sources panel  https://developer.chrome.com/docs/devtools/javascript/snippets/#create-sources -->
 
 To create a new snippet from the **Snippets** tab:
 
@@ -97,7 +114,10 @@ To create a new snippet from the **Snippets** tab:
 
    ![A new, empty, snippet in the Sources tool](./snippets-images/new-snippet.png)
 
-#### Create a new snippet from the Command Menu
+
+<!-- ------------------------------ -->
+#### Create a snippet from the Command Menu
+<!-- Create a snippet from the Command Menu  https://developer.chrome.com/docs/devtools/javascript/snippets/#create-command-menu -->
 
 1. Focus your cursor somewhere in DevTools.
 
@@ -112,6 +132,7 @@ To rename your new snippet, see [Rename a snippet](#rename-a-snippet), below.
 
 <!-- ====================================================================== -->
 ## Edit a snippet
+<!-- Edit snippets  https://developer.chrome.com/docs/devtools/javascript/snippets/#edit -->
 
 To edit the source code of a snippet:
 
@@ -128,10 +149,60 @@ To edit the source code of a snippet:
    ![An asterisk next to the snippet name indicates unsaved code](./snippets-images/unsaved-changes.png)
 
 
+<!-- ====================================================================== -->
+## Allow pasting into the Snippet editor
+<!-- not upstream -->
+
+When you first try to paste content into the **Sources** tool > **Snippets** tab > snippet editor, instead of pasting, a **Do you trust this code?** dialog is displayed, with the message: "Don't paste code you do not understand or have not reviewed yourself into DevTools.  This could allow attackers to steal your identity or take control of your computer. Please type 'allow pasting' below to allow pasting."
+
+![Sources tool's Snippets tab editor displaying the self-XSS warning](./snippets-images/sources-self-xss-warning.png)
+
+This warning helps prevent self cross-site scripting attacks (self-XSS) on end-users.  To paste code, first type **allow pasting** in the dialog's text box, and then click the **Allow** button.  Then paste the content.  Or, start Edge with the flag below.
+
+Pasting into the **Console** tool is similar; see [Allow pasting into the Console](../console/console-javascript.md#allow-pasting-into-the-console) in _Run JavaScript in the Console_.
+
+
+<!-- ------------------------------ -->
+#### Disable self-XSS warnings by starting Edge with a command-line flag
+<!-- not upstream -->
+
+To prevent the above warnings and immediately allow pasting into the **Console** tool and the **Sources** tool's snippet editor, such as for automated testing, start Microsoft Edge from the command line, using the following flag: `--unsafely-disable-devtools-self-xss-warnings`.  The flag applies to a single session of Microsoft Edge.
+
+For example, on Windows:
+
+Edge Stable:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+Edge Beta:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge Beta\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+Edge Dev:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge Dev\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+Edge Canary:
+
+```shell
+"C:\Users\localAccount\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe" --unsafely-disable-devtools-self-xss-warnings
+```
+
+
 <!-- ====================================================================== -->
 ## Run a snippet
+<!-- Run snippets  https://developer.chrome.com/docs/devtools/javascript/snippets/#run -->
+
 
+<!-- ------------------------------ -->
 #### Run a snippet from the Sources tool
+<!-- Run a snippet in the Sources panel  https://developer.chrome.com/docs/devtools/javascript/snippets/#run-sources -->
 
 1. [Open the Snippets tab](#open-the-snippets-tab).
 
@@ -141,7 +212,10 @@ To edit the source code of a snippet:
 
    ![The run snippet button at the bottom of the code editor](./snippets-images/run-snippet-from-sources-tool.png)
 
+
+<!-- ------------------------------ -->
 #### Run a snippet from the Command Menu
+<!-- https://developer.chrome.com/docs/devtools/javascript/snippets/#run-command-menu -->
 
 1. Focus your cursor somewhere in DevTools.
 
@@ -156,6 +230,7 @@ To edit the source code of a snippet:
 
 <!-- ====================================================================== -->
 ## Rename a snippet
+<!-- Rename snippets  https://developer.chrome.com/docs/devtools/javascript/snippets/#rename -->
 
 1. [Open the Snippets tab](#open-the-snippets-tab).
 
@@ -164,22 +239,26 @@ To edit the source code of a snippet:
 
 <!-- ====================================================================== -->
 ## Delete a snippet
+<!-- Delete snippets  https://developer.chrome.com/docs/devtools/javascript/snippets/#delete -->
 
 1. [Open the Snippets tab](#open-the-snippets-tab).
 
 1. Right-click the snippet name, and then select **Remove**.
 
 
 <!-- ====================================================================== -->
-## Save a snippet
+## Save a snippet to disk as a file
+<!-- not upstream -->
 
-By default, snippets are only available within DevTools, but you can also save them to disk.
+By default, snippets are only available within DevTools, but you can also save snippets to disk.
 
 1. [Open the Snippets tab](#open-the-snippets-tab).
 
 1. Right-click the snippet name, and then select **Save as**.
 
-1. When prompted, enter a file name and location.
+   The **Save As** dialog opens.
+
+1. Select a folder, enter a file name (such as `Script snippet #1.js`), and then click the **Save** button.
 
 
 <!-- ====================================================================== -->