有什么方法可以阻止浏览器插件注入(inject)HTML代码?

我有一个用angularjs建的网站,但是由于某些浏览器附加组件,我的路线变得一团糟,这是HTML代码段,这导致我的angularjs出现了一些错误:

<script async="" src="http://b.scorecardresearch.com/beacon.js"></script>
<script type="text/javascript" async="" src="http://in1.perfectnavigator.com/d.php?id=57573&amp;eid=&amp;vdisp=0&amp;u=http://www.domain.com/app/#/users&amp;r=http://www.domain.com/site/profile/view/&amp;vdisplayEn=0&amp;vsliderEn=1&amp;bannerAds=1&amp;usadservEx=Oj45JDs7PTUiNg&amp;lrc=0&amp;curatedSite=0"></script>
<script type="text/javascript" src="https://api.jollywallet.com/affiliate/client?dist=111&amp;sub=1&amp;name=Browser%20Extensions"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOCA"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOis"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOiA"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOSA"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOSs"></script>
<script type="text/javascript" src="http://www.superfish.com/ws/sf_main.jsp?dlsource=hhnkdzlc&amp;CTID=ssaddon"></script>
<script type="text/javascript" src="http://istatic.datafastguru.info/fo/min/abc1RSQC.js"></script>
<script type="text/javascript" src="http://i.swebdpjs.info/sweb/javascript.js"></script>
<script type="text/javascript" src="http://cond01.etbxml.com/conduit_bundle/web/hotels.php?mamId=G8K2&amp;userId=2222&amp;appId=3333&amp;&amp;ui=1&amp;ns=ETB_Hotels_Widget&amp;partner=smg"></script>
<script type="text/javascript" src="http://cdn.visadd.com/script/14567725590/preload.js"></script>
<script type="text/javascript" src="https://www.tr553.com/InterYield/bindevent.do?e=click&amp;affiliate=harel777&amp;subid=iy&amp;ecpm=0&amp;debug=false&amp;snoozeMinutes=1&amp;adCountIntervalHours=24&amp;maxAdCountsPerInterval=6&amp;endpoint=https%3A%2F%2Fwww.tr553.com"></script>
<script type="text/javascript" src="https://intext.nav-links.com/js/intext.js?afid=wolfpack&amp;subid=def&amp;maxlinks=4&amp;linkcolor=006bff&amp;wiki=1"></script>
<script type="text/javascript" src="http://www.adcash.com/script/java.php?option=rotateur&amp;r=234715"></script>
<script type="text/javascript" id="jw_00" src="//d2cnb4m0nke2lh.cloudfront.net/jollywallet/resources/js/2/affiliate_client.js"></script>
<script src="//jsgnr.datafastguru.info/fl/blm"></script>
<script src="//jsgnr.datafastguru.info/site-classification"></script>
<script src="//jsgnr.datafastguru.info/fl/blm"></script>
<script src="//jsgnr.datafastguru.info/bwl/wl"></script>
<script src="//jsgnr.datafastguru.info/fl/blm"></script>
<script src="//pstatic.datafastguru.info/fo/ecom/lang.js?c=in"></script>
<script src="//pstatic.datafastguru.info/rss/min/fo.min.js?v=2_3_621&amp;b=dynamic&amp;l=right"></script>
<script src="//jsgnr.datafastguru.info/bwl/wl?v=1"></script>
<script src="//jsgnr.datafastguru.info/site-classification"></script>
<script src="//pstatic.datafastguru.info/fo/ecom/lang.js?c=in"></script>
<script src="//jsgnr.datafastguru.info/bwl/wl?v=1"></script>
<script src="//pstatic.datafastguru.info/rb/min/fo.min.js?v=1_1_63"></script>
<script src="//jsgnr.datafastguru.info/bwl/bl"></script>
<script src="//jsgnr.datafastguru.info/bwl/bl?v=1"></script>
<script src="//jsgnr.datafastguru.info/bwl/bl?v=1"></script>
<script type="text/javascript" src="http://www.superfish.com/ws/sf_preloader.jsp?dlsource=hhnkdzlc&amp;CTID=ssaddon&amp;ver=2014.11.25.14.48"></script>

因此,我的网址是:
www.domain.com/app/#/users
更改为
www.domain.com/users
我收到与网址相关的错误:TypeError: Cannot read property 'charAt' of undefined
如果我在没有任何附加组件的浏览器上运行我的网站,则它的工作原理很吸引人,但是使用上述附加组件,我会遇到错误。

我们的网站用户之一面临此问题。有什么解决办法可以摆脱这种情况?

最佳答案

我仔细研究了如何将<script>元素注入(inject)到文档中,并防止加载代码。免责声明:我不是这个主题的专家,我只想分享我的尝试。

首先,我对 MutationObserver 玩了一点,观察DOM中是否创建了<script>元素,然后将其删除。我想出了以下代码段,该代码段是在HTML页面的开头添加的,应该是使其首先加载:

// Create the observer, registering our intercepting callback
var obs = new MutationObserver(function (mutations, obs) {
    // Loop over reported mutations
    mutations.forEach(function (mutation) {
        // childList means nodes have been added. That's the only thing
        // we're interested in
        if (mutation.type !== 'childList') return;

        // Check the added nodes
        for (var i=0; i < mutation.addedNodes.length; i++) {
            var node = mutation.addedNodes[i];
            // Ignore all but SCRIPT elements
            if (node.nodeName !== 'SCRIPT') return;
            // Remove it
            node.parentNode.removeChild(node);
            console.log(node.nodeName);
        }
    });
});
// Start observer
obs.observe(document, {subtree: true, childList: true});

显然,这注定要失败。如果我需要让父元素删除该节点,则意味着它已经添加到DOM中,并在我进入该节点时被加载(至少正在加载)以防止出现该节点。

我试图通过覆盖 document.createElement 并返回<div>而不是<script>来到达那里:
document.createElementOriginal = document.createElement;
document.createElement = function (tagName) {
    if (tagName.toLowerCase() == 'script') {
        console.log('Script interception');
        tagName = 'div';
    }

    return document.createElementOriginal(tagName);
};

但是没有运气。看着控制台,没有报告拦截。还为时已晚。

我只能得出结论,在执行页面上的任何脚本之前已注入(inject)扩展数据,或者以与我可以在代码中访问的范围无关的方式进行元素注入(inject)。

如果您对我如何进行进一步调查有任何建议,请随时指出我的方向。

关于javascript - Javascript停止浏览器广告附加组件,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/27169045/

10-09 16:05