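Many third-party ad systems use document.write to load their ads, such as the following JavaScript ad link:
This JavaScript request returns a piece of code like this:
This kind of loading comes from a third party, and the code carries statistics tracking: every request for the JavaScript ad link above is counted, and the generated code also tracks clicks. In other words, the ad has to be loaded this way.
Example 1: www.piaohua.com. The top-left banner ad and the bottom-left floating ad are both loaded through ad scripts; intercepting the request for piaohua_banner_980_60_4.js stops the document.writeln write.
Example 2: (the ad is loaded through an iframe whose #document is a complete HTML page)
Blocking example: http://blog.csdn.net/cteng/article/details/42681299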
<img src="http://f12.baidu.com/it/u=200290511,3287632236&fm=76" id="img_6" class="figure" style="opacity: 1;">
||pos.baidu.com/icrm?rdid=2895327 … … // Adblock filter rule
// The iframe element creates an inline frame that contains another document.
id="iframeu2895327_0" src="http://pos.baidu.com/icrm?rdid=2895327
&dc=3&di=u2895327&dri=0&… > … …
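Key point: ads of this kind can usually be handled simply by blocking the resource load.
Another example: http://www.w3school.com.cn/tags/tag_iframe.asp
Because the request fails, the corresponding script also changes (the frame's error markup states that the request to the server was blocked by an extension):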
<div id="sub-frame-error-details" jsselect="summary" jsvalues=".innerHTML:msg" jstcache="2">对服务器的请求已遭到某个扩展程序的阻止。</div>
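How the Adblock rule from example 2 decides which requests to block, as an added example that is not part of the original post. It implements only a subset of the filter syntax (leading "||", "*", "^"), uses the rule as far as it is visible above, and the function names and every request URL except the first are constructed.

```javascript
// Added example: matcher for a subset of Adblock-style URL filters.
// Supported (assumption): leading "||", "*" wildcard, "^" separator; no options.
function compileFilter(rule) {
  let body = rule;
  let prefix = "";
  if (body.startsWith("||")) {
    // "||" anchors at the start of the host name: any scheme, any subdomain.
    prefix = "^[a-z][a-z0-9+.-]*:\\/\\/(?:[^\\/?#]*\\.)?";
    body = body.slice(2);
  }
  const pattern = body
    .replace(/[.+?${}()|[\]\\\/]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")                   // "*" matches any run of characters
    // "^" matches one separator character (not letter, digit, _ . % -) or the end.
    .replace(/\^/g, () => "(?:[^\\w.%-]|$)");
  return new RegExp(prefix + pattern, "i");
}

function isBlocked(url, rules) {
  return rules.some((rule) => compileFilter(rule).test(url));
}

// Rule as far as it is visible on the page, plus a stricter variant ending in "^".
const PAGE_RULE = "||pos.baidu.com/icrm?rdid=2895327";
const STRICT_RULE = PAGE_RULE + "^";

// Constructed request URLs (only the first one is taken from the iframe above).
const REQUESTS = [
  "http://pos.baidu.com/icrm?rdid=2895327&dc=3&di=u2895327&dri=0",
  "https://cpro.pos.baidu.com/icrm?rdid=2895327",          // subdomain
  "http://pos.baidu.com.example.net/icrm?rdid=2895327",    // look-alike host
  "http://example.net/?u=pos.baidu.com/icrm?rdid=2895327", // rule text in query
  "http://pos.baidu.com/icrm?rdid=28953270",               // longer id
];

function decisions(rule) {
  return REQUESTS.map((url) => isBlocked(url, [rule]));
}

console.log(decisions(PAGE_RULE));   // [ true, true, false, false, true ]
console.log(decisions(STRICT_RULE)); // [ true, true, false, false, false ]
```

Without a trailing "^" the rule is a prefix match, so a request whose rdid merely starts with 2895327 is blocked as well.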
Example 3: pop-up ad (document.open(); document.write())
<iframe scrolling="no" frameborder="0" src='javascript:(function()
{document.open();document.write("<!DOCTYPE HTML><html><head><meta charset=UTF-8><title>mblog-proxy</title><style>html,body,*{margin:0;padding:0}</style></head><body marginwidth=\"0\" marginheight=\"0\"><script type=\"text/javascript\" src=\"//zzy.mipujia.com/rg3a1ece92f1ccff39db046a92f0b03ae645f7d70d3aac32ed12.js\"></script> </body></html>");document.close();})();' style="width: 100%; height: 150px;"></iframe>
Summary of the characteristics of floating ads:
1. <embed>: the <embed> tag defines embedded content, such as a plug-in:
<embed pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" src="http://sjs.sinajs.cn/blog7swf/lookViewSpring.swf?2" width="140" height="87" style="undefined" id="map" name="map" bgcolor="#000" quality="high" scale="noscale" allowscriptaccess="always" wmode="transparent" flashvars="url=http://weibo.com/blogkefu&realfull=1&moz=1"/" title="Adobe Flash Player">
2. <img>, for example:
<img src="http://f12.baidu.com/it/u=198212411,3052252488&fm=76" id="img_4" class="figure" style="opacity: 1;">
<img data-src="http://asearch.alicdn.com/bao/uploaded/i4/170740129052234075/TB2b_BygXXXXXapXpXXXXXXXXXX_!!55027074-0-saturn_solar.jpg_160x160.jpg_.webp" src="http://asearch.alicdn.com/bao/uploaded/i4/170740129052234075/TB2b_BygXXXXXapXpXXXXXXXXXX_!!55027074-0-saturn_solar.jpg_160x160.jpg_.webp">
3. <ins>, used in text that has deleted and newly inserted parts, for example:
<ins class="sinaads sinaads-done" data-ad-pdps="PDPS000000049439" style="width: 1000px; margin: 0px auto; display: block; overflow: hidden; text-decoration: none;" data-ad-status="done"><ins style="text-decoration:none;margin:0px auto;width:1000px;display:block;
position:relative;overflow:hidden;"><a style="display:block;line-height:0;" href="http://
sax.sina.com.cn/dsp/click?t=MjAxNy0wMy0yMSAxNDoyNjoxOAkxMTkuMTQ1Ljg5Ljk3CTExOS4xNDUuODkuOTdfMTQ4OTk5MjMwNC4xNzM0MjkJOWQ3ZTAzMDMtZmQyNC00OWYyLThjMmItZDI5MDE2MDQ5ODM5CTc0MzkyNQk1ODc3NjEwNDM3X1BJTlBBSS1DUEMJMjY3NDM4CTE5OTAyNAk0Ljc0NzAyRS00CTEJdHJ1ZQlQRFBTMDAwMDAwMDQ5NDM5CTE4NDc5MzcJUEMJaW1hZ2UJLQkwfDJBVWxQR1JMWTVOWUhNR3BHd1V0R1h8bnVsbHxudWxsfGJqfDc0MzkyNXwxNk1tVTcwVXMwQnhqRk9LZ1hvUkhoCW51bGwJMQktCS0JLQkwCTExOS4xNDUuODkuOTdfMTQ4OTk5MjMwNC4xNzM0MjkJUENfSU1BR0UJLQlmbS1zaW1pZC1ydAkt&userid=119.145.89.97_1489992304.173429&auth=935b701a15e9be83&p=qwyTl52jN76Q6C8ezBcqktTctmKhhxGdokYAVg%3D%3D&url=http%3A%2F%2Fsax.sina.com.cn%2Fclick%3Ftype%3D2%26t%3DYWIwYzkzOTctOWRhMy0zN2JlLTkwZTgtMmYxZWNjMTcyYTkyCTE3CVBEUFMwMDAwMDAwNDk0MzkJMTg0NzkzNwkxCVJUQgkt%26id%3D17%26url%3Dhttp%253A%252F%252F51485148.com%252F%253Fgzid%253DC100090%2526SET_A%253DPDPS000000049439%2526SET_B%253D743925%2526SET_C%253D1847937%2526SET_D%253D9d7e0303-fd24-49f2-8c2b-d29016049839%2526SET_E
%253D267438%2526SET_F%253D1%26sina_sign%3D5f4dd73742df4865&sign=8fd9f19820ac0b91&am=%7Bclkx%3A534%2Cclky%3A21%7D" target="_blank" data-link="http://
sax.sina.com.cn/dsp/click?t=MjAxNy0wMy0yMSAxNDoyNjoxOAkxMTkuMTQ1Ljg5Ljk3CTExOS4xNDUuODkuOTdfMTQ4OTk5MjMwNC4xNzM0MjkJOWQ3ZTAzMDMtZmQyNC00OWYyLThjMmItZDI5MDE2MDQ5ODM5CTc0MzkyNQk1ODc3NjEwNDM3X1BJTlBBSS1DUEMJMjY3NDM4CTE5OTAyNAk0Ljc0NzAyRS00CTEJdHJ1ZQlQRFBTMDAwMDAwMDQ5NDM5CTE4NDc5MzcJUEMJaW1hZ2UJLQkwfDJBVWxQR1JMWTVOWUhNR3BHd1V0R1h8bnVsbHxudWxsfGJqfDc0MzkyNXwxNk1tVTcwVXMwQnhqRk9LZ1hvUkhoCW51bGwJMQktCS0JLQkwCTExOS4xNDUuODkuOTdfMTQ4OTk5MjMwNC4xNzM0MjkJUENfSU1BR0UJLQlmbS1zaW1pZC1ydAkt&userid=119.145.89.97_1489992304.173429&auth=935b701a15e9be83&p=qwyTl52jN76Q6C8ezBcqktTctmKhhxGdokYAVg%3D%3D&url=http%3A%2F%2Fsax.sina.com.cn%2Fclick%3Ftype%3D2%26t%3DYWIwYzkzOTctOWRhMy0zN2JlLTkwZTgtMmYxZWNjMTcyYTkyCTE3CVBEUFMwMDAwMDAwNDk0MzkJMTg0NzkzNwkxCVJUQgkt%26id%3D17%26url%3Dhttp%253A%252F%252F51485148.com%252F%253Fgzid%253DC100090%2526SET_A%253DPDPS000000049439%2526SET_B%253D743925%2526SET_C%253D1847937%2526SET_D%253D9d7e0303-fd24-49f2-8c2b-d29016049839%2526SET_E%
253D267438%2526SET_F%253D1%26sina_sign%3D5f4dd73742df4865&sign=8fd9f19820ac0b91" onmousedown="return sinaadToolkit.url.fortp(this, event);"><img border="0" src="//d6.sina.com.cn/pfpghc2/201703/21/ff328cbc465743fdb8e2be2160d77133.jpg" style="width:1000px;height:90px;border:0" alt="//d6.sina.com.cn/pfpghc2/201703/21/ff328cbc465743fdb8e2be2160d77133.jpg"></a><div style="width: 26px; height: 13px; position: absolute; right: 1px; bottom: 1px; z-index: 99; background: url("//d2.sina.com.cn/litong/zhitou/sinaads/release/ad_logo_update_IAB.gif") no-repeat;"></div></ins></ins>
4. <iframe>
5. Close-ad control (tag):
<div style="background: url("http://d1.sina.com.cn/litong/zhitou/sinaads/60x18_2_close.gif") left top no-repeat; cursor: pointer; z-index: 11010; position: absolute; width: 60px; height: 18px; right: 7px; top: 1px;"></div>
6. <a>…</a>. Example, url: http://www.piaohua.com/
<div style="position:absolute;z-index:1">
<a href="http://s.code.twyxi.com/htmlcode/2289_1.html?tj=0&agent_id=1009&placeid=2289&type=3&game_id=40&aid=lraa&rand=1&cplaceid=&t=0.22488892364733504" target="_blank">
<img src=http://dm.flash.twyxi.com/flash//c.gif width="300" height="250" border="0">
</a></div>
7. A small share of floating ads are Flash (the Chrome browser blocks Flash automatically)
PS:
1 <a href="javascript:alert(1)" ></a>
2 <iframe src="javascript:alert(1)" />
3 <img src='x' onerror="alert(1)" />
4 <video src='x' onerror="alert(1)" ></video>
5 <div onclick="alert(1)" onmouseover="alert(2)" ></div>
6 flash
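The inline script entry points listed in the PS (javascript: URLs and on* handlers) and the javascript: iframe from example 3 can be located in saved page markup with an attribute-aware scan. This is an added example, not code from the original post: the function names, the sample markup and the ads.example and img.example hosts are constructed, and character references in attribute values are not decoded.

```javascript
const ATTR = /\s*([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/y;
const URL_ATTRS = new Set(["href", "src"]);

// Quoted values are consumed whole, so "<" or ">" inside one does not end the tag.
function scanTags(html) {
  const tags = [];
  const open = /<([a-zA-Z][^\s\/>]*)/g;
  let m;
  while ((m = open.exec(html)) !== null) {
    const attrs = [];
    let pos = open.lastIndex;
    for (;;) {
      ATTR.lastIndex = pos;
      const a = ATTR.exec(html);
      if (a === null) break;
      attrs.push([a[1].toLowerCase(), a[2] ?? a[3] ?? a[4] ?? ""]);
      pos = ATTR.lastIndex;
    }
    open.lastIndex = pos; // resume after the last attribute, skipping its value
    tags.push({ tag: m[1].toLowerCase(), attrs });
  }
  return tags;
}

function findScriptEntryPoints(html) {
  const findings = [];
  for (const { tag, attrs } of scanTags(html)) {
    for (const [name, value] of attrs) {
      // URL parsing ignores tabs, newlines and leading spaces before the scheme.
      const url = value.replace(/[\t\n\r]/g, "").trimStart().toLowerCase();
      if (URL_ATTRS.has(name) && url.startsWith("javascript:")) {
        findings.push(`${tag}[${name}]: javascript: URL`);
      } else if (/^on[a-z]+$/.test(name)) {
        findings.push(`${tag}[${name}]: inline event handler`);
      }
    }
  }
  return findings;
}

// Constructed sample modelled on the page's snippets; ads.example is a placeholder.
const SAMPLE = [
  '<a href="javascript:alert(1)" ></a>',
  "<img src='x' onerror=\"alert(1)\" />",
  '<div onclick="alert(1)" onmouseover="alert(2)" ></div>',
  "<iframe scrolling=\"no\" src='javascript:(function(){document.open();document.write(\"<html><body><script src=//ads.example/a.js></script></body></html>\");document.close();})();'></iframe>",
  '<img src="http://img.example/banner.jpg" id="img_4">',
].join("\n");
console.log(findScriptEntryPoints(SAMPLE));
```

The script tag written by the iframe is not reported as an element of its own, because it sits inside the quoted src value and only exists once the frame runs.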