有什么方法可以阻止浏览器插件注入(inject)HTML代码?
我有一个用angularjs建的网站,但是由于某些浏览器附加组件,我的路线变得一团糟,这是HTML代码段,这导致我的angularjs出现了一些错误:
<script async="" src="http://b.scorecardresearch.com/beacon.js"></script>
<script type="text/javascript" async="" src="http://in1.perfectnavigator.com/d.php?id=57573&eid=&vdisp=0&u=http://www.domain.com/app/#/users&r=http://www.domain.com/site/profile/view/&vdisplayEn=0&vsliderEn=1&bannerAds=1&usadservEx=Oj45JDs7PTUiNg&lrc=0&curatedSite=0"></script>
<script type="text/javascript" src="https://api.jollywallet.com/affiliate/client?dist=111&sub=1&name=Browser%20Extensions"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOCA"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOis"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOiA"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOSA"></script>
<script type="text/javascript" src="https://colo.cachefly.net/js/min.inject.js?id=Pz8sOSs"></script>
<script type="text/javascript" src="http://www.superfish.com/ws/sf_main.jsp?dlsource=hhnkdzlc&CTID=ssaddon"></script>
<script type="text/javascript" src="http://istatic.datafastguru.info/fo/min/abc1RSQC.js"></script>
<script type="text/javascript" src="http://i.swebdpjs.info/sweb/javascript.js"></script>
<script type="text/javascript" src="http://cond01.etbxml.com/conduit_bundle/web/hotels.php?mamId=G8K2&userId=2222&appId=3333&&ui=1&ns=ETB_Hotels_Widget&partner=smg"></script>
<script type="text/javascript" src="http://cdn.visadd.com/script/14567725590/preload.js"></script>
<script type="text/javascript" src="https://www.tr553.com/InterYield/bindevent.do?e=click&affiliate=harel777&subid=iy&ecpm=0&debug=false&snoozeMinutes=1&adCountIntervalHours=24&maxAdCountsPerInterval=6&endpoint=https%3A%2F%2Fwww.tr553.com"></script>
<script type="text/javascript" src="https://intext.nav-links.com/js/intext.js?afid=wolfpack&subid=def&maxlinks=4&linkcolor=006bff&wiki=1"></script>
<script type="text/javascript" src="http://www.adcash.com/script/java.php?option=rotateur&r=234715"></script>
<script type="text/javascript" id="jw_00" src="//d2cnb4m0nke2lh.cloudfront.net/jollywallet/resources/js/2/affiliate_client.js"></script>
<script src="//jsgnr.datafastguru.info/fl/blm"></script>
<script src="//jsgnr.datafastguru.info/site-classification"></script>
<script src="//jsgnr.datafastguru.info/fl/blm"></script>
<script src="//jsgnr.datafastguru.info/bwl/wl"></script>
<script src="//jsgnr.datafastguru.info/fl/blm"></script>
<script src="//pstatic.datafastguru.info/fo/ecom/lang.js?c=in"></script>
<script src="//pstatic.datafastguru.info/rss/min/fo.min.js?v=2_3_621&b=dynamic&l=right"></script>
<script src="//jsgnr.datafastguru.info/bwl/wl?v=1"></script>
<script src="//jsgnr.datafastguru.info/site-classification"></script>
<script src="//pstatic.datafastguru.info/fo/ecom/lang.js?c=in"></script>
<script src="//jsgnr.datafastguru.info/bwl/wl?v=1"></script>
<script src="//pstatic.datafastguru.info/rb/min/fo.min.js?v=1_1_63"></script>
<script src="//jsgnr.datafastguru.info/bwl/bl"></script>
<script src="//jsgnr.datafastguru.info/bwl/bl?v=1"></script>
<script src="//jsgnr.datafastguru.info/bwl/bl?v=1"></script>
<script type="text/javascript" src="http://www.superfish.com/ws/sf_preloader.jsp?dlsource=hhnkdzlc&CTID=ssaddon&ver=2014.11.25.14.48"></script>
因此,我的网址是:
www.domain.com/app/#/users更改为
www.domain.com/users我收到与网址相关的错误:
TypeError: Cannot read property 'charAt' of undefined如果我在没有任何附加组件的浏览器上运行我的网站,则它的工作原理很吸引人,但是使用上述附加组件,我会遇到错误。
我们的网站用户之一面临此问题。有什么解决办法可以摆脱这种情况?
最佳答案
我仔细研究了如何将<script>元素注入(inject)到文档中,并防止加载代码。免责声明:我不是这个主题的专家,我只想分享我的尝试。
首先,我对 MutationObserver 玩了一点,观察DOM中是否创建了<script>元素,然后将其删除。我想出了以下代码段,该代码段是在HTML页面的开头添加的,应该是使其首先加载:
// Create the observer, registering our intercepting callback
var obs = new MutationObserver(function (mutations, obs) {
// Loop over reported mutations
mutations.forEach(function (mutation) {
// childList means nodes have been added. That's the only thing
// we're interested in
if (mutation.type !== 'childList') return;
// Check the added nodes
for (var i=0; i < mutation.addedNodes.length; i++) {
var node = mutation.addedNodes[i];
// Ignore all but SCRIPT elements
if (node.nodeName !== 'SCRIPT') return;
// Remove it
node.parentNode.removeChild(node);
console.log(node.nodeName);
}
});
});
// Start observer
obs.observe(document, {subtree: true, childList: true});
显然,这注定要失败。如果我需要让父元素删除该节点,则意味着它已经添加到DOM中,并在我进入该节点时被加载(至少正在加载)以防止出现该节点。
我试图通过覆盖
document.createElement 并返回<div>而不是<script>来到达那里:document.createElementOriginal = document.createElement;
document.createElement = function (tagName) {
if (tagName.toLowerCase() == 'script') {
console.log('Script interception');
tagName = 'div';
}
return document.createElementOriginal(tagName);
};
但是没有运气。看着控制台,没有报告拦截。还为时已晚。
我只能得出结论,在执行页面上的任何脚本之前已注入(inject)扩展数据,或者以与我可以在代码中访问的范围无关的方式进行元素注入(inject)。
如果您对我如何进行进一步调查有任何建议,请随时指出我的方向。
关于javascript - Javascript停止浏览器广告附加组件,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/27169045/