
Don't count on this. There are ways to guess if the dev tools are likely to be open and then alter nefarious behavior based on that.

For example you can detect changes in window sizes or look for plugins that are in the global namespace (e.g. Redux Dev Tools). Better play it safe and don't copy and paste private data to random sites.

Another attack vector would be to avoid sending down any data unless it contains something that looks like a hash or a token, or has a keyword like "password."




There are also ways to wait until you close or navigate away from the page, using window.onbeforeunload / window.onunload / navigator.sendBeacon: https://stackoverflow.com/questions/4945932/window-onbeforeu...



