Domの Hijacking

Source: Internet
Author: User

Write the front

For the hijacking of the operator which has

Put the original page into the IFRAME and then a peer ad. The solution to this problem is to detect if it is embedded in an IFRAME and then the href jumps out! But it doesn't work!

If there is a solution, please share ~


Monitoring of the DOM is something mutation does, but that thing is asynchronous, which means it can't be manipulated before rendering.

In low-version ie, it's a dream to hijack Dom because those ' antiques ' have no concept of prototype chain!

An example of a appendchild hijacking exists in node.

As follows

{        Const ACD = Node.prototype.appendChild;        Node.prototype.appendChild = function (... a) {            if (/script/i.test (a[0].nodename) &&                !/([\s\s]+) (?: \. Miku\.js)/.test (A[0].SRC)            ) {                return Console.warn (' ... ');            }            Acd.apply (this, a);        };     }

Next, if append a script tag to make it src A.js then it won't succeed.

Only the src of the script tag will not be hijacked until the end of the. Miku.js

Of course, you can hijack the get set for innerHTML as follows

{            const ET = element.prototype;             CONST FN = object.getownpropertydescriptor (Et, ' InnerHTML ');            Object.defineproperties (Et, {                InnerHTML: {                     get () {                             return fn.get.apply (this,arguments);                       }                     , Set (s) {                         fn.set.apply (this,[new Array (1e1). Join (s)]);}}            );        } Const D = document.createelement (' div ');        d.innerhtml = ' Meng Meng Meng ';

The whole DOM is in control!

But not all property methods can be hijacked. You can try it yourself.

The norm is too messy or too dependent on this thing.

Domの Hijacking

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.