Block the access to href url to any third-party javascript code

I am running third-party javascripts on my page and they are grabbing the href url without my consent. Is there a way to block it and avoid them accessing it without calling them from iframes?

Maybe I could redefine the window.location.href value so that they cannot access it as it is in the url?

Thank you for your help!

The location.href property is readonly. I can only come up with a partial solution to this using a modified version of the Greasemonkey script outlined in this Stack Overflow post: Stop execution of Javascript function (client side) or tweak it

In the script below the function displayUrl() is called, which alerts the document.location.href to screen. The Greasemonkey script uses the Document.onbeforescriptexecute event to intercept the javascript before it gets executed and replace document.location.href with another string.

onbeforescriptexecute is only supported by Firefox and is non-standard: https://developer.mozilla.org/en-US/docs/Web/API/Document/onbeforescriptexecute

So not exactly an ideal solution but this example may give you some ideas.

<html>
<head>
</head>
<body>
<script>

function checkForBadJavascripts (controlArray) {

    /*--- Note that this is a self-initializing function.  The controlArray
        parameter is only active for the FIRST call.  After that, it is an
        event listener.

        The control array row is defined like so:
        [bSearchSrcAttr, identifyingRegex, callbackFunction]
        Where:
            bSearchSrcAttr      True to search the SRC attribute of a script tag
                                false to search the TEXT content of a script tag.
            identifyingRegex    A valid regular expression that should be unique
                                to that particular script tag.
            callbackFunction    An optional function to execute when the script is
                                found.  Use null if not needed.
    */
    if ( ! controlArray.length) return null;

    checkForBadJavascripts      = function (zEvent) {

        for (var J = controlArray.length - 1;  J >= 0;  --J) {
            var bSearchSrcAttr      = controlArray[J][0];
            var identifyingRegex    = controlArray[J][1];

            if (bSearchSrcAttr) {

                if (identifyingRegex.test (zEvent.target.src) ) {
                    stopBadJavascript (J);
                    return false;
                }
            }
            else {
                if (identifyingRegex.test (zEvent.target.textContent) ) {
                    stopBadJavascript (J);
                    return false;
                }
            }
        }

        function stopBadJavascript (controlIndex) {
            zEvent.stopPropagation ();
            zEvent.preventDefault ();

            var callbackFunction    = controlArray[J][2];
            //if (typeof callbackFunction == "function") {
                //callbackFunction ();

                if (bSearchSrcAttr) {
                    var jsScript = zEvent.target.src;
                } else {
                    var jsScript = zEvent.target.textContent;
                }

                jsScript = jsScript.replace("document.location.href", "'http://example.com'");
                eval(jsScript);
            //}

            //--- Remove the node just to clear clutter from Firebug inspection.
            zEvent.target.parentNode.removeChild (zEvent.target);

            //--- Script is intercepted, remove it from the list.
            controlArray.splice (J, 1);
            if ( ! controlArray.length) {
                //--- All done, remove the listener.
                window.removeEventListener (
                    'beforescriptexecute', checkForBadJavascripts, true
                );
            }
        }
    }

    /*--- Use the "beforescriptexecute" event to monitor scripts as they are loaded.
        See https://developer.mozilla.org/en/DOM/element.onbeforescriptexecute
        Note that it does not work on scripts that are dynamically created.
    */
    window.addEventListener ('beforescriptexecute', checkForBadJavascripts, true);

    return checkForBadJavascripts;
}

function addJS_Node (text, s_URL, funcToRun) {
    var D                                   = document;
    var scriptNode                          = D.createElement ('script');
    scriptNode.type                         = "text/javascript";
    if (text)       scriptNode.textContent  = text;
    if (s_URL)      scriptNode.src          = s_URL;
    if (funcToRun)  scriptNode.textContent  = '(' + funcToRun.toString() + ')()';

    var targ = D.getElementsByTagName ('head')[0] || D.body || D.documentElement;
    //--- Don't error check here. if DOM not available, should throw error.
    targ.appendChild (scriptNode);
}

/*--- Check for bad scripts to intercept and specify any actions to take.
*/
checkForBadJavascripts ( [
    [   false, 
        /document.location.href/, 
        function () {
            addJS_Node (replaceScript);
        } 
    ]
] );

</script>

<script>
function displayUrl()
{
    var pageUrl = document.location.href;

    alert(pageUrl);
}

displayUrl();
</script>
</body>
</html>

Note: I've added the below code to the original Greasemonkey script:

    //if (typeof callbackFunction == "function") {
        //callbackFunction ();

        if (bSearchSrcAttr) {
            var jsScript = zEvent.target.src;
        } else {
            var jsScript = zEvent.target.textContent;
        }

        jsScript = jsScript.replace("document.location.href", "'http://example.com'");
        eval(jsScript);
    //}
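
Added example (not part of the original answer or the Greasemonkey script): the answer's text-replacement step written as a stand-alone function that rewrites every dotted read of `location.href`, not only the first `document.location.href`, and refuses to run a script that still names a URL-bearing token after rewriting. The names `rewriteUrlReads`, `vetScript`, `runVetted` and the residual-token list are assumptions made for this sketch, and `alert` is stubbed so the block runs under Node.

```javascript
// Added example: names below are assumptions, not code from the original answer.
const PLACEHOLDER_URL = "http://example.com"; // same stand-in value the answer uses

// Dotted reads such as location.href, window.location.href, document.location.href.
// The lookbehind skips foo.location.href; the lookahead skips assignments (navigation).
const URL_READS =
  /(?<![.\w$])(?:(?:window|document|self|top)\s*\.\s*)*location\s*\.\s*href\b(?!\s*=(?!=))/g;

// Tokens that mean the rewritten text can still reach the page URL some other way.
const RESIDUAL = /\b(?:location|documentURI|baseURI|URL)\b/;

// Replace every matched read (not just the first) with the placeholder literal.
function rewriteUrlReads(scriptText) {
  let count = 0;
  const text = scriptText.replace(URL_READS, () => {
    count += 1;
    return JSON.stringify(PLACEHOLDER_URL);
  });
  return { text, count };
}

// Fail closed: a script that still names a URL-bearing token is not allowed to run.
function vetScript(scriptText) {
  const { text, count } = rewriteUrlReads(scriptText);
  return { text, count, allowed: !RESIDUAL.test(text) };
}

// Run an allowed script with a stubbed alert() and return what it displayed.
function runVetted(scriptText) {
  const verdict = vetScript(scriptText);
  const seen = [];
  if (verdict.allowed) {
    new Function("alert", verdict.text)((msg) => seen.push(msg));
  }
  return { ...verdict, seen };
}

// Constructed samples: the page's displayUrl() script, a script with two reads,
// and one that aliases the location object and is therefore blocked.
const SAMPLES = [
  "function displayUrl(){ var pageUrl = document.location.href; alert(pageUrl); }\ndisplayUrl();",
  'alert(window.location.href + "|" + location.href);',
  "var l = location; alert(l.pathname);",
];
for (const s of SAMPLES) {
  const r = runVetted(s);
  console.log(r.count, r.allowed, r.seen);
}
```

As in the answer, this only inspects script text that is present when the script is about to run, so it remains a partial measure.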
