-
[【HTTP劫持和DNS劫持】实际JS对抗](https://www.cnblogs.com/kenkofox/p/4924088.html)
-
[JavaScript防http劫持与XSS](https://blog.csdn.net/z69183787/article/details/52496188)
相关代码
try {
setTimeout(function () {
t = Math.random();
data = {};
data.from = location.href;
data.urls = [];
isUrlLooksGood = function (url) {
if (url === 'about:blank') { return true; }
url = new URL(url); hostname = url.hostname;
var l = getLocation(url);
return /(baidu.com|qq.com|mydomain.com)$/.test(l.hostname);
};
$('script').each(function () {
var src = $(this).attr('src'); if (!src) { return; }
if (!isUrlLooksGood(src)) {
data.urls.push(src);
}
});
$('iframe').each(function () {
var src = $(this).attr('src'); if (!src) { return; }
if (!isUrlLooksGood(src)) {
data.urls.push(src);
}
});
if (data.urls.length > 0) {
(new Image).src = '/http_hijack.png?t=' + Math.random() + '&d=' + encodeURIComponent(JSON.stringify(data));
}
}, 3000);
} catch (e) { }本条目发布于[2018年4月25日](https://c4ys.com/archives/1402 "10:15")。属于[Web Frontend](Web security(https://c4ys.com/archives/category/web-security)分类,被贴了 [http劫持](https://c4ys.com/archives/tag/http%e5%8a%ab%e6%8c%81) 标签。