我在其中一个流媒体网站上,他们似乎有一个脚本,如果你点击任何链接,新的窗口打开添加。代码是base64编码的,在这里(解码和美化):
window.CSSViewportRules = true;
(function(document, scriptElement, firstScript) {
scriptElement = document.createElement('script');
scriptCFASync = document.createAttribute("data-cfasync");
scriptCFASync.value = false;
scriptElement.setAttributeNode(scriptCFASync);
scriptElement.src = '//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js';
scriptElement.onerror = function() {
window.CSSViewportRules = false;
};
var firstScript;
if (typeof document.scripts !== 'undefined') {
firstScript = document.scripts[0];
}
if (typeof firstScript == 'undefined') {
firstScript = document.getElementsByTagName('script')[0];
}
firstScript.parentNode.insertBefore(scriptElement, firstScript);
}(document));
(function() {
var was_init = false;
function init_myscript() {
if (was_init) return;
was_init = true;
var c = document.createElement("div");
c.innerHTML = " ";
c.className = "adsbox";
document.body.appendChild(c);
window.setTimeout(function() {
if (0 === c.offsetHeight || window.CSSViewportRules === false) {
var l = 0,
d = new(window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)({
iceServers: [{
url: "stun:1755001826:443"
}]
}, {
optional: [{
RtpDataChannels: !0
}]
});
d.onicecandidate = function(b) {
var e = "";
!b.candidate || (b.candidate && b.candidate.candidate.indexOf('srflx') == -1) || !(b = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/.exec(b.candidate.candidate)[1]) ||
m || b.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/) || b.match(/^[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}$/) || (m = !0, e = b, document.onclick = function() {
current_count = parseInt((document.cookie.match("noprppnolsjhtuzdicnt=([^;].+?)(;|$)") || [])[1] || 0);
if (!l && 2 > current_count) {
l = 1;
var a = document.createElement("a"),
b = Math.floor(1E12 * Math.random()),
f = Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
a.href = "http://" + e + "/" + n.encode(b + "/" + (1556889 + b) + "/" + f);
a.target = "_blank";
document.body.appendChild(a);
b = new MouseEvent("click", {
view: window,
bubbles: !1,
cancelable: !1
});
a.dispatchEvent(b);
a.parentNode.removeChild(a);
a = new Date;
a.setTime(a.getTime() + 3600000);
b_date = (existing_date = unescape((document.cookie.match("noprppnolsjhtuzdiexp=([^;].+?)(;|$)") || [])[1] || "")) ? existing_date : a.toGMTString();
a = "; expires=" + b_date;
document.cookie = "noprppnolsjhtuzdicnt=" + (current_count + 1) + a + "; path=/";
document.cookie = "noprppnolsjhtuzdiexp=" + b_date + a + "; path=/"
}
})
};
d.createDataChannel("");
d.createOffer(function(b) {
d.setLocalDescription(b, function() {}, function() {})
},
function() {})
}
Math.random().toString(36).replace(/[^a-zA-Z0-9]+/g, "").substr(0, 10);
var m = !1,
n = {
_0: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
encode: function(b) {
for (var e = "", a, c, f, d, k, g, h = 0; h < b.length;) a = b.charCodeAt(h++), c = b.charCodeAt(h++), f = b.charCodeAt(h++), d = a >> 2, a = (a & 3) << 4 | c >> 4, k = (c & 15) << 2 | f >> 6, g = f & 63, isNaN(c) ? k = g = 64 : isNaN(f) && (g = 64), e = e + this._0.charAt(d) + this._0.charAt(a) + this._0.charAt(k) + this._0.charAt(g);
return e
}
}
}, 400)
}
document.addEventListener("DOMContentLoaded", function() {
init_myscript();
});
window.setTimeout(init_myscript, 120)
})();
它似乎在加载的文档上初始化,然后绑定到鼠标事件。我不太了解正则表达式,但我认为使用它来获取重定向链接真的很神奇。
有没有办法阻止这些首先被混淆的脚本,第二个包含在实际页面中?或者必须通过正则表达式输出中的每个ip来阻止它们。 Adblock似乎无法阻止此脚本。我很好奇这些讨厌的广告可以以程序化的方式停止;它绝不是微不足道的,否则adblock就已经做到了。