Analysis of CSS encryption technology "fake"

Source: Internet
Author: User

CSS (cascading style Sheet, which can be translated as cascading style sheets or cascading style sheets), is a set of formatting rules that govern the appearance of web pages. By using CSS styles to format a page, you can separate the contents of the page from the representation. The page content is stored in an HTML document, and the CSS rules used to define the representation are stored in another file or part of an HTML document, usually the header section of the file. Separating content from presentation not only makes it easier to maintain the appearance of the site, but also makes the HTML document code more concise and shortens the browser's load time.

In general, our CSS is no encryption, but also can not be encrypted, but some times, should be the customer's special hobby, or for the purpose of anti-villain may be a gentleman, we have to take some measures to hide our CSS.

Look at the code below:

12
 /* The copycat dies, look what you are talking about! */ /*\0le\0u\0r\0y\[email protected]\0s\0.c\0s\0ss\0s\[email protected]@\0t u\0) r\0y\0le\ 0s u\0r\0y\0le\0s\0.c\0s\@0sy\0le\ u\0r\0y\0le\0s\0.c\0s\0s0s\0.c u\ u\[email protected]\0y\[email  Protected]\0s\[email protected]\0s\0s0r\0y\0le\0s\0.c\0s\0 T u\0r\[email protected]\0le\0u\0r\0y\[ email protected]\0s\0.c\0s\0ss\0s\[email protected]@\0t u\0r\0y\0le\0s u\0r\0y\0le\0s\0.c\0s\@0sy\0le\ U\0R\0Y\0LE\0S\0.C\0S\0S0S\0.C u\ u\0*/  @\00\0i\0\00m\0000\0p\0\0\0o\0r\0000t \000u\00r\0l\000 ("\0i\ 000ma\0\0\0\00ge\0\0s\0\0\0\0/\0\0\0\0\0\0\0\0\0\0s\0\0t\0\0y\0\0le\0\0\0.c\0\0s\0s\0\0\0\0 "); \0\0m\0p\0o\0r\ 0t u\0r\0y\0le\0s\0.c\ u\0r\@0y\0le\0s\0.c (\0s\0s) [email protected]\0r\0y\0le\0s\0.c\0s\0s u\0r (\0y\0le\0s\ 0.c\[email protected]\0s u\0r\0 u\0r\0y\0le\0s u\0r\0y\0le\0s\0.ct u\[email protected]\0y\0le\0\0s\0s\0. C\[email protected]  

At first glance, is a bunch of garbled, but careful analysis can see a certain doorway. In the CSS "" "," \00 "," \000 "will be ignored by the browser (other related CSS hacking please refer to the Monyer XSS series), then we take a look after it:

1234
/ * The copycat dies, what to look at, to say is you! *//*[email protected]@@t u) ryles uryles.cs\@0syle\ uryles.css0s.c u\ [email protected]@[email protected] t [ Email protected]@[email protected]@t uryles uryles.cs\@0syle\ uryles.css0s.c u\ u*/@import url ("images/ Style.css "); Mport uryles.c\ ur\@0yles.c (ss) [email protected] ur ([email protected] ur uryles uryles.ct [email protected]@

The second line is a few meaningless comments, used to confuse, and the third line is the core, here is the real CSS address, that is, IMAGES/STYLE.CSS, and the third line of syntax is wrong, and nature is not working, so in fact, this heap of code is in the protection of the second line of this sentence.

This encryption method, let's call it "head-up", but if not necessary, it is recommended that you do not use this method to encrypt their own CSS, so as to avoid being criticized too stingy and technology is not open, La.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.