Javascript source code:
Copy codeThe Code is as follows:
Function showImg (url ){
Var imgid = Math. random (),
Frameid = 'frameimg '+ imgid;
Window ['img '+ imgid] =' <script> window. onload = function () {parent.doc ument. getElementById (\ ''+ frameid + '\'). height = document. getElementById (\ 'img \'). height + \ 'px \ ';} <' + '/script> ';
Document. write ('<iframe id = "' + frameid + '" src = "javascript: parent [\ 'img' + imgid + '\']; "frameBorder =" 0 "scrolling =" no "width =" 100% "> </iframe> ');
}
Call method:
Copy codeThe Code is as follows:
ShowImg ('image address ');
Complete DEMO code:
<Meta http-equiv = "Content-Type" content = "text/html; charset = gb2312"/> direct leeching: <br> js cracking leeching: <br>
[Ctrl + A select all Note: If you need to introduce external Js, You need to refresh it to execute]
Compatibility: IE6, IE7, IE8, chrome 7, FF3.6, and Opera10.63 have been tested.
Defense method:
1. referer is not allowed to be blank (it is not recommended because referer is blank in Some browsers that enable privacy mode or when referenced by https pages );
2. Address Change (lighttpd is based on the effective time, And nginx is based on md5 );
3. logon verification (for example, you must log on to the website account before accessing the account );