[英]block the access to href url to any third-party javascript code
I am running third-party javascripts on my page and they are grabbing the href
url without my consent. 我在页面上运行了第三方javascript ,未经我的同意,他们正在获取
href
网址。 Is there a way to block it and avoid them accessing it without calling them from iframes? 有没有一种方法可以阻止它并避免他们访问它们而不用从iframe调用它们?
Maybe I could redefine the window.location.href
value so that they cannot access it as it is in the url? 也许我可以重新定义
window.location.href
值,以便他们无法像访问URL一样访问它?
Thank you for your help! 谢谢您的帮助!
The location.href property is readonly. location.href属性为只读。 I can only come with a partial solution to this using a modified version of the greasemonkey script outlined in this stackoverflow post: Stop execution of Javascript function (client side) or tweak it
我只能使用此stackoverflow文章中概述的油脂猴子脚本的修改版本来提供部分解决方案: 停止执行Javascript函数(客户端)或对其进行调整
In the script below the function displayUrl() is called which alerts the document.location.href to screen. 在下面的脚本中,调用函数displayUrl(),以将document.location.href提醒到屏幕。 The greasemonkey script uses the Document.onbeforescriptexecute event to intercept the javascript before it get's executed and replace document.location.href with another string.
oilmonkey脚本使用Document.onbeforescriptexecute事件在执行之前拦截JavaScript,并将document.location.href替换为另一个字符串。
onbeforescriptexecute is only supported by firefox and is non-standard: https://developer.mozilla.org/en-US/docs/Web/API/Document/onbeforescriptexecute firefox仅支持onbeforescriptexecute,它是非标准的: https : //developer.mozilla.org/zh-CN/docs/Web/API/Document/onbeforescriptexecute
So not exactly an ideal solution but this example may give you some ideas. 因此,这并不是一个理想的解决方案,但是此示例可能会给您一些想法。
<html>
<head>
</head>
<body>
<script>
function checkForBadJavascripts (controlArray) {
/*--- Note that this is a self-initializing function. The controlArray
parameter is only active for the FIRST call. After that, it is an
event listener.
The control array row is defines like so:
[bSearchSrcAttr, identifyingRegex, callbackFunction]
Where:
bSearchSrcAttr True to search the SRC attribute of a script tag
false to search the TEXT content of a script tag.
identifyingRegex A valid regular expression that should be unique
to that particular script tag.
callbackFunction An optional function to execute when the script is
found. Use null if not needed.
*/
if ( ! controlArray.length) return null;
checkForBadJavascripts = function (zEvent) {
for (var J = controlArray.length - 1; J >= 0; --J) {
var bSearchSrcAttr = controlArray[J][0];
var identifyingRegex = controlArray[J][1];
if (bSearchSrcAttr) {
if (identifyingRegex.test (zEvent.target.src) ) {
stopBadJavascript (J);
return false;
}
}
else {
if (identifyingRegex.test (zEvent.target.textContent) ) {
stopBadJavascript (J);
return false;
}
}
}
function stopBadJavascript (controlIndex) {
zEvent.stopPropagation ();
zEvent.preventDefault ();
var callbackFunction = controlArray[J][2];
//if (typeof callbackFunction == "function") {
//callbackFunction ();
if (bSearchSrcAttr) {
var jsScript = zEvent.target.src;
} else {
var jsScript = zEvent.target.textContent;
}
jsScript = jsScript.replace("document.location.href", "'http://example.com'");
eval(jsScript);
//}
//--- Remove the node just to clear clutter from Firebug inspection.
zEvent.target.parentNode.removeChild (zEvent.target);
//--- Script is intercepted, remove it from the list.
controlArray.splice (J, 1);
if ( ! controlArray.length) {
//--- All done, remove the listener.
window.removeEventListener (
'beforescriptexecute', checkForBadJavascripts, true
);
}
}
}
/*--- Use the "beforescriptexecute" event to monitor scipts as they are loaded.
See https://developer.mozilla.org/en/DOM/element.onbeforescriptexecute
Note that it does not work on acripts that are dynamically created.
*/
window.addEventListener ('beforescriptexecute', checkForBadJavascripts, true);
return checkForBadJavascripts;
}
function addJS_Node (text, s_URL, funcToRun) {
var D = document;
var scriptNode = D.createElement ('script');
scriptNode.type = "text/javascript";
if (text) scriptNode.textContent = text;
if (s_URL) scriptNode.src = s_URL;
if (funcToRun) scriptNode.textContent = '(' + funcToRun.toString() + ')()';
var targ = D.getElementsByTagName ('head')[0] || D.body || D.documentElement;
//--- Don't error check here. if DOM not available, should throw error.
targ.appendChild (scriptNode);
}
/*--- Check for bad scripts to intercept and specify any actions to take.
*/
checkForBadJavascripts ( [
[ false,
/document.location.href/,
function () {
addJS_Node (replaceScript);
}
]
] );
</script>
<script>
function displayUrl()
{
var pageUrl = document.location.href;
alert(pageUrl);
}
displayUrl();
</script>
</body>
</html>
Note: I've added the below code to the original greasemonkey script: 注意:我已经将以下代码添加到原始的monkeymonkey脚本中:
//if (typeof callbackFunction == "function") {
//callbackFunction ();
if (bSearchSrcAttr) {
var jsScript = zEvent.target.src;
} else {
var jsScript = zEvent.target.textContent;
}
jsScript = jsScript.replace("document.location.href", "'http://example.com'");
eval(jsScript);
//}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.