这个 iFrame 是恶意弹出窗口的来源吗?
Is this iFrame the source of a malicious popup?
1) 这是什么意思?
<link rel="dns-prefetch" href="//cpro.baidu.com">
2) 使用我的页面时,我收到恶意弹出窗口。 baidu.com(iframe src)是这些弹窗的来源吗?
完整代码:
<iframe data-srcdoc="<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta charset="text/html;charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
<script>document.charset='utf-8'</script>
<link rel="dns-prefetch" href="//cpro.baidu.com">
<link rel="dns-prefetch" href="//www.baidu.com">
<script>
function clickevent(n, e) {var w;for (var i = n.split(","), o = 0, r = i.length; r > o; o++)(new Image).src = i[o];try{window !== window.parent.window && window.parent.window.clickevent && (w = window.parent.window.clickevent(e));}catch(e){}return w === false ? false: (w && (e.href += (e.href.indexOf("?") > -1 ? "&": "?") + "sync=" + encodeURIComponent(w)), !0)}
</script>
</head>
<body oncontextmenu=self.event.returnValue=false>
<img src='http://www.baidu.com/img/baidu_jgylogo3.gif?1478733648305' style='display: none;'>
<div class="slot content padding background border">
<a onclick='return clickevent("", this)' style="text-align: center; width:100%; height:100%; margin: 0px auto;" href="http://ssp.gclick.cn/clk2.html?q=RkZrbTJON1FrTV9zU0VvWVZ5QzBOWlRwQTFzeyJ0IjoxNDc4NzMzNzAyNTU1LCJyIjoiaHR0cDovL2FkeC5wcm8uY24vYz9jPWJkRkpqNkpRRUFmdzcySW5ub2FXeDJPUlRqb1Q1S0VvLXpJZ1hveThCUnhabEVZRkpfUGRoOXRjLWxxX3FuOGxWWDltN2V4alZ2Yjk5V094eU1fa19kcTE3N2haNE9xTUw0dWY4OXVuS1Fua1lwUEhOVEtiM01IUDl2eDEwcW02TWF3NHprdFp6a0t1MkZDVFk5My1VSmFHV2cyOW1MNEFDSVE3UURLdG9SLVpkTC1QX1RqYnV0b3hJVDE3RllNcjdXZ0NYTzl4ZzA1ZXQ1NXJsc2U3VHNyZjJaWmVCR1czM25sdDVvbXIybzBicWlmR3NfWUp4TU5vb2RMeUNSckJnTmR3WTNYSktGLXVsU0N6ay1RVlhWMUdWaER5Q0NvOU4yVFJ4bWFuTmt1NVZjRi1XVnNyOXU2MUdOajN6Z2dxNFVtVm02X0pUbWNqcVJ2RU5VUTZWRlNrN1plUHZnVXYzbWx5NzZhZzQ4Q0g4Z1d6NE5BRDBhZmMxaEhGMUFkOFl5QTQzQ3JIUGEzMmlaS1pjWlpZckZqN0k3X25RNzFRblJJUFg2NS14aUhzbzZ3MGwyYVNraXhwTFN2S2c0TEx5STVyUlhRc0hQbG9WOW9HcmQxaUJGbFE3R29ES3Q2RFE4VDJWZF80M2ZEejdrdy1VOTE3bEFXNklpZVVNd0FEVFh0V2M4cllKNWpqaWZtbFFJRkV5QWxJUzBnbFVZRlVtZjJZZGROcnY1dWNLSjlJVW5pUmdaeXFOSmZva2djOEw1UHB5TXVKdnlhbUtoR3duT01UaGprN01RbktUSHo3dGtqQXREbG5DaE1vbFFrV01DRDVGSEtkUWpSTlc2VkdYMTBQamIwT1g5SVpCNDJWMUVXS2pyN0NGVDZwMk5nSGJfX2Jxa1BRQVduemlrWnpvOTVkZ2RNaWRJQ3UxbWEyTnZ2N0R3IiwiYSI6Im9lbSYmNTcwNGYxYmU5ZWI1ZTgwMTAwNmRkM2M4LTU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOF8xMWFhNGM5ZmIxNTNlYjc3ZmMwY18wODJlMTVkZGExNTgzZTU0NzNlNyIsInUiOiJjYzJkYmJjODY5N2E1YTU3IiwicyI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwicCI6ImU5ZDJjNmJjYWMzYmZhZjUzNmY0IiwidiI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsIm8iOiJ3ZWIifQ" target=_blank >
<img width="300" height="250" src="http://7xo1qa.com2.z0.glb.qiniucdn.com/bacd48d6f8ba70e3ec2feb7f95274dac.png" />
</a>
<img style="display:none;" src="http://bid.pro.cn/view/?&amp;q=MO-gXNNLaY95P-oSCH0zcO9GEKTTbh66YR-gGeH-frXmIwqnsdsLVBFlJHk3OoMY9RRMs81YfdWKjyTJwBsX1l9nIVFXFlblu_0E_1tOW0y7dISM2hW7pTGLjro64db39i7zGeJmPSjjqVD4HeKzAvijvk3jUZ3_RXzvC2xIEMWgIdUtUCvAR7jR9b3tLdA0u2BPqWRuc1y4MLBe0_XqcbGrzkJcdtJaoNUBfFAqOlsm0GWgoyu4YnYPqEy-0gvIFxNG9QUC7chNxLelOtLwWRbTdfCxiO8NOsBuEq7e9ufOErlWG_dbT7r3k3pCTX3RyrCU3ePyr5RwND-epMcYKkZB7l8DL0WkecA2osryBXdnRzTKLgIlGYBZD4v9eRmh&amp;rid=WCOvhgDpDMR6Y13QAAwl&amp;eff=1&amp;cid=082e15dda1583e5473e7">
<img style="display:none;" src="http://adx.pro.cn/i?i=dY7LTsMwEEX_xUtEJT_qpGHnEiiIUpJWImo2KPbYqSWTmDgFNYh_x4Ut7EY65965n6gfbGs7dIXQJRr02z3Es7p-ej-0uc8ft8mesFKIDxextAB6iJyneG6I1JmWXC8wwTgBYGoRnRB8FHQGVCVSNYpJ0xjOEjOPEIJfWigGq3SUhBDL6mZ0vu7Wt9uJW1V2D8-vbZW_FOmsLcCZ01j-dv4Zc3U5EL6adqe7VXbc0JnY5TXbiH6_FjHmj9LZcPhZ_M-g4PoxUiDQEGlSQ7VOQFFFQJ6pnc4PGcYXlGP09Q0">
<img style="display:none;" src="http://adx.pro.cn/n?n=dY5RT8IwGEX_S58hWVfaMd-KUyQgbpC4sBez9mtHk7LVdmjA-N9t8FXfbnLOvblfaPCmMz26Q2iCvHpfQYz1_cvHsStc8bxjB0wqzj9txMIAKB85zZKZxkLlSlA1T3CSMAAi59EJwUVB5ZBKJmQridCtpoTpWYQQ3MJA6Y1UUeKcL-qH0bqm3zzurtTIql-_nrq6eCuzaVeC1Zex-t38s2abymO6vO4vT8v8vE2nfF80ZMuHw4bHmjsLa8Lx9vifQ8EOY6SAocVCZzpVioFMJQaBvn8A">
<img style="display:none;" src="http://ssp.gclick.cn/verify?v=WVFxc1h0U1FFLUwxU3Jua2NTcERKNmNNd0N3eyJ2aWV3VGltZSI6MTQ3ODczMzcwMjU1NSwiZHNwSUQiOiJvZW0mJjU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOCIsInVwdklEIjoiY2MyZGJiYzg2OTdhNWE1NyIsInNsb3RJRCI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwidmFycyI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsInB1YklEIjoiZTlkMmM2YmNhYzNiZmFmNTM2ZjQiLCJvcmlnaW4iOiJ3ZWIifQ">
<img style="display:none;" src="http://cc.xtgreat.com/cm.gif?dspid=11213&amp;ext=5822ca0f1f25ca006ea56b84">
<img style="display:none;" src="http://cm.api.baifendian.com/Mapping.do?bfd_nid=pro&amp;bfd_client_uid=5822ca0f1f25ca006ea56b84">
<link rel="dns-prefetch" href="//">
</div>
</body>
</html>
" src="javascript: try{document.charset= 'UTF-8';window.frameElement.getAttribute('data-srcdoc');}catch(e){document.write('<script>document.domain=\'tv.cctv.com\';document.write(window.frameElement.getAttribute(\'data-srcdoc\'))</script>')}" seamless="" scrolling="no" frameborder="no" border="0" marginwidth="0" marginheight="0" allowtransparency="true" style="width: 100%; height: 100%; background-color: transparent;"></iframe>
1) : dns-prefetch 是在用户尝试关注 link 之前尝试解析域名。基本上,它减少了用户延迟。
您可以在 Chromium 文档中阅读更多相关信息。
https://www.chromium.org/developers/design-documents/dns-prefetching
2) :
对于初学者,您确定是 iframe 导致弹出窗口吗?要对此进行测试,请从页面中删除 iframe,然后查看弹出窗口是否仍然出现。如果它仍然出现,则 iframe 不是 的罪魁祸首。如果没有,那就是 iframe。继续阅读可能的解决方案。
如果您愿意使用一些基本的 PHP,此答案将对您有所帮助:
How to block pop-up coming from iframe?
如果没有,请使用 sandbox 属性。只需将 sandbox 添加到 iframe,如下所示:
<iframe src="" sandbox></iframe>
根据文档,sandbox 将:
- 将内容视为来自唯一来源
- 阻止表单提交
- 阻止脚本执行
- 禁用 API
- 防止 link 以其他浏览环境为目标
- 防止内容使用插件(通过 、 、 或其他方式)
- 阻止内容导航到其顶级浏览上下文
阻止自动触发的功能(例如自动播放视频或自动聚焦表单控件)
如果 iframe 需要使用以上任何一个来运行,我建议使用我提供的 PHP 脚本。否则,sandbox 可能会干扰页面的预期目的
1) 这是什么意思?
<link rel="dns-prefetch" href="//cpro.baidu.com">
2) 使用我的页面时,我收到恶意弹出窗口。 baidu.com(iframe src)是这些弹窗的来源吗?
完整代码:
<iframe data-srcdoc="<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta charset="text/html;charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
<script>document.charset='utf-8'</script>
<link rel="dns-prefetch" href="//cpro.baidu.com">
<link rel="dns-prefetch" href="//www.baidu.com">
<script>
function clickevent(n, e) {var w;for (var i = n.split(","), o = 0, r = i.length; r > o; o++)(new Image).src = i[o];try{window !== window.parent.window && window.parent.window.clickevent && (w = window.parent.window.clickevent(e));}catch(e){}return w === false ? false: (w && (e.href += (e.href.indexOf("?") > -1 ? "&": "?") + "sync=" + encodeURIComponent(w)), !0)}
</script>
</head>
<body oncontextmenu=self.event.returnValue=false>
<img src='http://www.baidu.com/img/baidu_jgylogo3.gif?1478733648305' style='display: none;'>
<div class="slot content padding background border">
<a onclick='return clickevent("", this)' style="text-align: center; width:100%; height:100%; margin: 0px auto;" href="http://ssp.gclick.cn/clk2.html?q=RkZrbTJON1FrTV9zU0VvWVZ5QzBOWlRwQTFzeyJ0IjoxNDc4NzMzNzAyNTU1LCJyIjoiaHR0cDovL2FkeC5wcm8uY24vYz9jPWJkRkpqNkpRRUFmdzcySW5ub2FXeDJPUlRqb1Q1S0VvLXpJZ1hveThCUnhabEVZRkpfUGRoOXRjLWxxX3FuOGxWWDltN2V4alZ2Yjk5V094eU1fa19kcTE3N2haNE9xTUw0dWY4OXVuS1Fua1lwUEhOVEtiM01IUDl2eDEwcW02TWF3NHprdFp6a0t1MkZDVFk5My1VSmFHV2cyOW1MNEFDSVE3UURLdG9SLVpkTC1QX1RqYnV0b3hJVDE3RllNcjdXZ0NYTzl4ZzA1ZXQ1NXJsc2U3VHNyZjJaWmVCR1czM25sdDVvbXIybzBicWlmR3NfWUp4TU5vb2RMeUNSckJnTmR3WTNYSktGLXVsU0N6ay1RVlhWMUdWaER5Q0NvOU4yVFJ4bWFuTmt1NVZjRi1XVnNyOXU2MUdOajN6Z2dxNFVtVm02X0pUbWNqcVJ2RU5VUTZWRlNrN1plUHZnVXYzbWx5NzZhZzQ4Q0g4Z1d6NE5BRDBhZmMxaEhGMUFkOFl5QTQzQ3JIUGEzMmlaS1pjWlpZckZqN0k3X25RNzFRblJJUFg2NS14aUhzbzZ3MGwyYVNraXhwTFN2S2c0TEx5STVyUlhRc0hQbG9WOW9HcmQxaUJGbFE3R29ES3Q2RFE4VDJWZF80M2ZEejdrdy1VOTE3bEFXNklpZVVNd0FEVFh0V2M4cllKNWpqaWZtbFFJRkV5QWxJUzBnbFVZRlVtZjJZZGROcnY1dWNLSjlJVW5pUmdaeXFOSmZva2djOEw1UHB5TXVKdnlhbUtoR3duT01UaGprN01RbktUSHo3dGtqQXREbG5DaE1vbFFrV01DRDVGSEtkUWpSTlc2VkdYMTBQamIwT1g5SVpCNDJWMUVXS2pyN0NGVDZwMk5nSGJfX2Jxa1BRQVduemlrWnpvOTVkZ2RNaWRJQ3UxbWEyTnZ2N0R3IiwiYSI6Im9lbSYmNTcwNGYxYmU5ZWI1ZTgwMTAwNmRkM2M4LTU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOF8xMWFhNGM5ZmIxNTNlYjc3ZmMwY18wODJlMTVkZGExNTgzZTU0NzNlNyIsInUiOiJjYzJkYmJjODY5N2E1YTU3IiwicyI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwicCI6ImU5ZDJjNmJjYWMzYmZhZjUzNmY0IiwidiI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsIm8iOiJ3ZWIifQ" target=_blank >
<img width="300" height="250" src="http://7xo1qa.com2.z0.glb.qiniucdn.com/bacd48d6f8ba70e3ec2feb7f95274dac.png" />
</a>
<img style="display:none;" src="http://bid.pro.cn/view/?&amp;q=MO-gXNNLaY95P-oSCH0zcO9GEKTTbh66YR-gGeH-frXmIwqnsdsLVBFlJHk3OoMY9RRMs81YfdWKjyTJwBsX1l9nIVFXFlblu_0E_1tOW0y7dISM2hW7pTGLjro64db39i7zGeJmPSjjqVD4HeKzAvijvk3jUZ3_RXzvC2xIEMWgIdUtUCvAR7jR9b3tLdA0u2BPqWRuc1y4MLBe0_XqcbGrzkJcdtJaoNUBfFAqOlsm0GWgoyu4YnYPqEy-0gvIFxNG9QUC7chNxLelOtLwWRbTdfCxiO8NOsBuEq7e9ufOErlWG_dbT7r3k3pCTX3RyrCU3ePyr5RwND-epMcYKkZB7l8DL0WkecA2osryBXdnRzTKLgIlGYBZD4v9eRmh&amp;rid=WCOvhgDpDMR6Y13QAAwl&amp;eff=1&amp;cid=082e15dda1583e5473e7">
<img style="display:none;" src="http://adx.pro.cn/i?i=dY7LTsMwEEX_xUtEJT_qpGHnEiiIUpJWImo2KPbYqSWTmDgFNYh_x4Ut7EY65965n6gfbGs7dIXQJRr02z3Es7p-ej-0uc8ft8mesFKIDxextAB6iJyneG6I1JmWXC8wwTgBYGoRnRB8FHQGVCVSNYpJ0xjOEjOPEIJfWigGq3SUhBDL6mZ0vu7Wt9uJW1V2D8-vbZW_FOmsLcCZ01j-dv4Zc3U5EL6adqe7VXbc0JnY5TXbiH6_FjHmj9LZcPhZ_M-g4PoxUiDQEGlSQ7VOQFFFQJ6pnc4PGcYXlGP09Q0">
<img style="display:none;" src="http://adx.pro.cn/n?n=dY5RT8IwGEX_S58hWVfaMd-KUyQgbpC4sBez9mtHk7LVdmjA-N9t8FXfbnLOvblfaPCmMz26Q2iCvHpfQYz1_cvHsStc8bxjB0wqzj9txMIAKB85zZKZxkLlSlA1T3CSMAAi59EJwUVB5ZBKJmQridCtpoTpWYQQ3MJA6Y1UUeKcL-qH0bqm3zzurtTIql-_nrq6eCuzaVeC1Zex-t38s2abymO6vO4vT8v8vE2nfF80ZMuHw4bHmjsLa8Lx9vifQ8EOY6SAocVCZzpVioFMJQaBvn8A">
<img style="display:none;" src="http://ssp.gclick.cn/verify?v=WVFxc1h0U1FFLUwxU3Jua2NTcERKNmNNd0N3eyJ2aWV3VGltZSI6MTQ3ODczMzcwMjU1NSwiZHNwSUQiOiJvZW0mJjU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOCIsInVwdklEIjoiY2MyZGJiYzg2OTdhNWE1NyIsInNsb3RJRCI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwidmFycyI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsInB1YklEIjoiZTlkMmM2YmNhYzNiZmFmNTM2ZjQiLCJvcmlnaW4iOiJ3ZWIifQ">
<img style="display:none;" src="http://cc.xtgreat.com/cm.gif?dspid=11213&amp;ext=5822ca0f1f25ca006ea56b84">
<img style="display:none;" src="http://cm.api.baifendian.com/Mapping.do?bfd_nid=pro&amp;bfd_client_uid=5822ca0f1f25ca006ea56b84">
<link rel="dns-prefetch" href="//">
</div>
</body>
</html>
" src="javascript: try{document.charset= 'UTF-8';window.frameElement.getAttribute('data-srcdoc');}catch(e){document.write('<script>document.domain=\'tv.cctv.com\';document.write(window.frameElement.getAttribute(\'data-srcdoc\'))</script>')}" seamless="" scrolling="no" frameborder="no" border="0" marginwidth="0" marginheight="0" allowtransparency="true" style="width: 100%; height: 100%; background-color: transparent;"></iframe>
1) : dns-prefetch 是在用户尝试关注 link 之前尝试解析域名。基本上,它减少了用户延迟。
您可以在 Chromium 文档中阅读更多相关信息。
https://www.chromium.org/developers/design-documents/dns-prefetching
2) : 对于初学者,您确定是 iframe 导致弹出窗口吗?要对此进行测试,请从页面中删除 iframe,然后查看弹出窗口是否仍然出现。如果它仍然出现,则 iframe 不是 的罪魁祸首。如果没有,那就是 iframe。继续阅读可能的解决方案。
如果您愿意使用一些基本的 PHP,此答案将对您有所帮助:
How to block pop-up coming from iframe?
如果没有,请使用 sandbox 属性。只需将 sandbox 添加到 iframe,如下所示:
<iframe src="" sandbox></iframe>
根据文档,sandbox 将:
- 将内容视为来自唯一来源
- 阻止表单提交
- 阻止脚本执行
- 禁用 API
- 防止 link 以其他浏览环境为目标
- 防止内容使用插件(通过 、 、 或其他方式)
- 阻止内容导航到其顶级浏览上下文 阻止自动触发的功能(例如自动播放视频或自动聚焦表单控件)
如果 iframe 需要使用以上任何一个来运行,我建议使用我提供的 PHP 脚本。否则,sandbox 可能会干扰页面的预期目的