Analysis of CSS encryption technology "fake"

CSS (cascading style Sheet, which can be translated as cascading style sheets or cascading style sheets), is a set of formatting rules that govern the appearance of web pages. By using CSS styles to format a page, you can separate the contents of the page from the representation. The page content is stored in an HTML document, and the CSS rules used to define the representation are stored in another file or part of an HTML document, usually the header section of the file. Separating content from presentation not only makes it easier to maintain the appearance of the site, but also makes the HTML document code more concise and shortens the browser's load time.

In general, our CSS is no encryption, but also can not be encrypted, but some times, should be the customer's special hobby, or for the purpose of anti-villain may be a gentleman, we have to take some measures to hide our CSS.

Look at the code below:

12

/* The copycat dies, look what you are talking about! */ /*\0le\0u\0r\0y\[email protected]\0s\0.c\0s\0ss\0s\[email protected]@\0t u\0) r\0y\0le\ 0s u\0r\0y\0le\0s\0.c\0s\@0sy\0le\ u\0r\0y\0le\0s\0.c\0s\0s0s\0.c u\ u\[email protected]\0y\[email  Protected]\0s\[email protected]\0s\0s0r\0y\0le\0s\0.c\0s\0 T u\0r\[email protected]\0le\0u\0r\0y\[ email protected]\0s\0.c\0s\0ss\0s\[email protected]@\0t u\0r\0y\0le\0s u\0r\0y\0le\0s\0.c\0s\@0sy\0le\ U\0R\0Y\0LE\0S\0.C\0S\0S0S\0.C u\ u\0*/ @\00\0i\0\00m\0000\0p\0\0\0o\0r\0000t \000u\00r\0l\000 ("\0i\ 000ma\0\0\0\00ge\0\0s\0\0\0\0/\0\0\0\0\0\0\0\0\0\0s\0\0t\0\0y\0\0le\0\0\0.c\0\0s\0s\0\0\0\0 "); \0\0m\0p\0o\0r\ 0t u\0r\0y\0le\0s\0.c\ u\0r\@0y\0le\0s\0.c (\0s\0s) [email protected]\0r\0y\0le\0s\0.c\0s\0s u\0r (\0y\0le\0s\ 0.c\[email protected]\0s u\0r\0 u\0r\0y\0le\0s u\0r\0y\0le\0s\0.ct u\[email protected]\0y\0le\0\0s\0s\0. C\[email protected]

At first glance, is a bunch of garbled, but careful analysis can see a certain doorway. In the CSS "" "," \00 "," \000 "will be ignored by the browser (other related CSS hacking please refer to the Monyer XSS series), then we take a look after it:

1234

/ * The copycat dies, what to look at, to say is you! *//*[email protected]@@t u) ryles uryles.cs\@0syle\ uryles.css0s.c u\ [email protected]@[email protected] t [ Email protected]@[email protected]@t uryles uryles.cs\@0syle\ uryles.css0s.c u\ u*/@import url ("images/ Style.css "); Mport uryles.c\ ur\@0yles.c (ss) [email protected] ur ([email protected] ur uryles uryles.ct [email protected]@

The second line is a few meaningless comments, used to confuse, and the third line is the core, here is the real CSS address, that is, IMAGES/STYLE.CSS, and the third line of syntax is wrong, and nature is not working, so in fact, this heap of code is in the protection of the second line of this sentence.

This encryption method, let's call it "head-up", but if not necessary, it is recommended that you do not use this method to encrypt their own CSS, so as to avoid being criticized too stingy and technology is not open, La.