CSS solves the issue of webpage Trojans

Nowadays, webpage Trojans are getting more and more rampant, especially for websites with low security awareness. They lack professional security technical talents. Trojan often occurs. Now let's take a look at how CSS can solve this problem. There are five solutions to solve the webpage Trojan issue through two lines of CSS.

I,

Iframe {n1ifm: expression (this. src = 'about: blank ', this. outerHTML = '');}/* this line of code solves the problem of hanging IFRAME Trojans */

Script {nojs1: expression (this. src. toLowerCase (). indexOf ('http') = 0 )? Document. write ('Trojan is isolated successfully! '):'');}

Principle: Use the src mark in script to convert it to lowercase, and check whether it is an external domain JS script file starting with "http". If yes, the page content is cleared and the "Trojan is isolated successfully!" is written! ". Otherwise, it is displayed normally. Disadvantage: the visitor cannot see the page infected with the script Trojan.

II,

Iframe {nifm2: expression (this. src = 'about: blank ', this. outerHTML = '');}

Script {no2js: expression (this. src. toLowerCase (). indexOf ('http') = 0 )? Document. close ():'');}

Principle: Force disable document. write () of JS files in external domains using document. close. The trojan content has not been written yet. Only some of the content has been forcibly cached and output, and the rest will not be written.

III,

Iframe {ni3fm: expression (this. src = 'about: blank ', this. outerHTML = '');}

Script {n3ojs: expression (this. src. toLowerCase (). indexOf ('http') = 0 )? Document.exe cCommand ('stop '):'');}

Principle: The same as the JS file to the external domain, immediately call the IE private execCommand method to stop all requests on the page, so the subsequent external domain JS file is also forced to stop downloading. Just Like clicking the "stop" button in the browser. It seems that this is a method for JS to simulate the IE stop button.

IV,

Iframe {nif4m: expression (this. src = 'about: blank ', this. outerHTML = '');}

Script {noj4s: expression (if (this. src. indexOf ('HTTP ') = 0) this. src = 'res: // ieframe. dll/dnserror.htm ');}

Principle: overwrite the src of the JS file in the external domain to the address of the IE404 error page. In this way, the JS Code in the external domain will not be downloaded.

V,

Iframe {nifm5: expression (this. src = 'about: blank ', this. outerHTML = '');}

Script {noj5s: expression (this. id. toLowerCase (). indexOf ('vok ')! =-1 )? Document. write ('Trojan is isolated successfully! '):''));}

In the fifth solution, the page HTML source code script should contain the id prefixed with "lh", such as lhWeatherJSapi and script src = "***/**. js "id =" lhSearchJSapi "/script