我正在我的网页上运行第三方javascripts ,他们在未经我同意的情况下抓取href
网址。有没有办法阻止它并避免它们访问它而不用iframe调用它们?
也许我可以重新定义window.location.href
值,以便他们无法访问它,因为它在网址中?
感谢您的帮助!
答案 0 :(得分:0)
location.href属性是只读的。我只能使用此stackoverflow帖子中概述的greasemonkey脚本的修改版本来部分解决此问题:Stop execution of Javascript function (client side) or tweak it
在下面的脚本中,调用函数displayUrl(),它将document.location.href警告到屏幕。 greasemonkey脚本使用Document.onbeforescriptexecute事件在javascript被执行之前拦截它,并用另一个字符串替换document.location.href。
只有firefox支持onbeforescriptexecute并且是非标准的:https://developer.mozilla.org/en-US/docs/Web/API/Document/onbeforescriptexecute
所以这不是一个理想的解决方案,但这个例子可能会给你一些想法。
<html>
<head>
</head>
<body>
<script>
function checkForBadJavascripts (controlArray) {
/*--- Note that this is a self-initializing function. The controlArray
parameter is only active for the FIRST call. After that, it is an
event listener.
The control array row is defines like so:
[bSearchSrcAttr, identifyingRegex, callbackFunction]
Where:
bSearchSrcAttr True to search the SRC attribute of a script tag
false to search the TEXT content of a script tag.
identifyingRegex A valid regular expression that should be unique
to that particular script tag.
callbackFunction An optional function to execute when the script is
found. Use null if not needed.
*/
if ( ! controlArray.length) return null;
checkForBadJavascripts = function (zEvent) {
for (var J = controlArray.length - 1; J >= 0; --J) {
var bSearchSrcAttr = controlArray[J][0];
var identifyingRegex = controlArray[J][1];
if (bSearchSrcAttr) {
if (identifyingRegex.test (zEvent.target.src) ) {
stopBadJavascript (J);
return false;
}
}
else {
if (identifyingRegex.test (zEvent.target.textContent) ) {
stopBadJavascript (J);
return false;
}
}
}
function stopBadJavascript (controlIndex) {
zEvent.stopPropagation ();
zEvent.preventDefault ();
var callbackFunction = controlArray[J][2];
//if (typeof callbackFunction == "function") {
//callbackFunction ();
if (bSearchSrcAttr) {
var jsScript = zEvent.target.src;
} else {
var jsScript = zEvent.target.textContent;
}
jsScript = jsScript.replace("document.location.href", "'http://example.com'");
eval(jsScript);
//}
//--- Remove the node just to clear clutter from Firebug inspection.
zEvent.target.parentNode.removeChild (zEvent.target);
//--- Script is intercepted, remove it from the list.
controlArray.splice (J, 1);
if ( ! controlArray.length) {
//--- All done, remove the listener.
window.removeEventListener (
'beforescriptexecute', checkForBadJavascripts, true
);
}
}
}
/*--- Use the "beforescriptexecute" event to monitor scipts as they are loaded.
See https://developer.mozilla.org/en/DOM/element.onbeforescriptexecute
Note that it does not work on acripts that are dynamically created.
*/
window.addEventListener ('beforescriptexecute', checkForBadJavascripts, true);
return checkForBadJavascripts;
}
function addJS_Node (text, s_URL, funcToRun) {
var D = document;
var scriptNode = D.createElement ('script');
scriptNode.type = "text/javascript";
if (text) scriptNode.textContent = text;
if (s_URL) scriptNode.src = s_URL;
if (funcToRun) scriptNode.textContent = '(' + funcToRun.toString() + ')()';
var targ = D.getElementsByTagName ('head')[0] || D.body || D.documentElement;
//--- Don't error check here. if DOM not available, should throw error.
targ.appendChild (scriptNode);
}
/*--- Check for bad scripts to intercept and specify any actions to take.
*/
checkForBadJavascripts ( [
[ false,
/document.location.href/,
function () {
addJS_Node (replaceScript);
}
]
] );
</script>
<script>
function displayUrl()
{
var pageUrl = document.location.href;
alert(pageUrl);
}
displayUrl();
</script>
</body>
</html>
注意:我已将以下代码添加到原始的greasemonkey脚本中:
//if (typeof callbackFunction == "function") {
//callbackFunction ();
if (bSearchSrcAttr) {
var jsScript = zEvent.target.src;
} else {
var jsScript = zEvent.target.textContent;
}
jsScript = jsScript.replace("document.location.href", "'http://example.com'");
eval(jsScript);
//}