通过JS记录和阻止http劫持

相关代码

try {
    setTimeout(function () {
        t = Math.random();
        data = {};
        data.from = location.href;
        data.urls = [];
        isUrlLooksGood = function (url) {
            if (url === 'about:blank') { return true; }
            url = new URL(url); hostname = url.hostname;
            var l = getLocation(url);
            return /(baidu.com|qq.com|mydomain.com)$/.test(l.hostname);
        };
        $('script').each(function () {
            var src = $(this).attr('src'); if (!src) { return; }
            if (!isUrlLooksGood(src)) {
                data.urls.push(src);
            }
        });
        $('iframe').each(function () {
            var src = $(this).attr('src'); if (!src) { return; }
            if (!isUrlLooksGood(src)) {
                data.urls.push(src);
            }
        });
        if (data.urls.length > 0) {
            (new Image).src = '/http_hijack.png?t=' + Math.random() + '&d=' + encodeURIComponent(JSON.stringify(data));
        }
    }, 3000);
} catch (e) { }

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax

*

code