Remove an injected analytics library from browser memory in Bigcommerce?

Problem description

How can we remove this script injector system and clear functions from memory?

Briefing) Recently the malfeasants at Bigcommerce created an analytics injector (JS) under guise of "monitoring" that is locked in a global variable. They have pushed it to all their 50,000 front facing stores without consent from any OPs. This puts in 2 JS libraries and sets up (plain code) triggers for them to track customer, behavior, and store plans throwing data to their shared 3rd party analytics bay. The issue is that although they run the code, they do not own rights to put in 3rd party libraries like this across thousands of domains out of their realm. Does anyone have ideas on how we can kill this + remove from memory? Is this even legal for them to do?

1) The injector is found in the shared global %%GLOBAL_AdditionalScriptTags%% in the HTMLhead.html panel, which means it is non-accessible. The AdditionalScriptTags is also dynamic, meaning it loads different JS helpers based on what page is being requested. Removing the variable is a no-go for that reason.

2) The injector uses various DSL variables PHP side to build out its settings. Here is what it looks like in <head> as I browse logged into our store as a customer. This is putting 2 lines for 2 separate libraries which I will define below (note certain tokens hidden as 1234)

(function(){
    window.analytics||(window.analytics=[]),window.analytics.methods=["debug","identify","track","trackLink","trackForm","trackClick","trackSubmit","page","pageview","ab","alias","ready","group","on","once","off","initialize"],window.analytics.factory=function(a){return function(){var b=Array.prototype.slice.call(arguments);return b.unshift(a),window.analytics.push(b),window.analytics}};for(var i=0;i<window.analytics.methods.length;i++){var method=window.analytics.methods[i];window.analytics[method]=window.analytics.factory(method)}window.analytics.load=function(){var a=document.createElement("script");a.type="text/javascript",a.async=!0,a.src="http://cdn2.bigcommerce.com/r6cb05f0157ab6c6a38c325c12cfb4eb064cc3d6f/app/assets/js/analytics.min.js";var b=document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)},window.analytics.SNIPPET_VERSION="2.0.8",window.analytics.load();

    // uncomment the following line to turn analytics.js debugging on
    // shows verbose events and other useful information
    // analytics.debug();

    var storeId = '123456',
        userId = '921';

    // initialize with Fornax and Segment.io
    var providers = {
        Fornax: {
            host: 'https://analytics.bigcommerce.com',
            cdn: 'http://cdn2.bigcommerce.com/r6cb05f0157ab6c6a38c325c12cfb4eb064cc3d6f/app/assets/js/fornax.min.js',
            defaultEventProperties: {
                storeId: storeId
            }
        },
        'Segment.io': {
            apiKey: '1sbkkbifdq'
        }
    };

    var fornaxEnabled = false;
    var segmentIOEnabled = false;
    var isStorefront = true;

    if (!fornaxEnabled) {
        delete providers.Fornax;
    }

    if (!segmentIOEnabled || isStorefront) {
        delete providers['Segment.io'];
    }

    analytics.initialize(providers);


    // identify this user
    analytics.identify(
        userId || null,
        {"name":"Test Dude","email":"test@test.com","storeHash":"123456","storeId":123456,"namespace":"bc.customers","storeCountry":"United States","experiments":{"shopping.checkout.cart_to_paid":"legacy_ui","search.storefront.backend":"mysql"},"storefront_session_id":"6b546880d5c34eec4194b5825145ad60d312bdfe"}
    );
})();

3) The output libraries are found as 2 references in the <head> and as you see if you own/demo a BC store, are rather un-touchable:

<script type="text/javascript" async="" src="http://cdn2.bigcommerce.com/r6cb05f0157ab6c6a38c325c12cfb4eb064cc3d6f/app/assets/js/fornax.min.js"></script>
<script type="text/javascript" async="" src="http://cdn2.bigcommerce.com/r6cb05f0157ab6c6a38c325c12cfb4eb064cc3d6f/app/assets/js/analytics.min.js"></script>

How can we break the injector and these trackers and prevent them from loading? Is there a way to remove their functions from memory? Speaking on behalf of many thousands of OPs and segment.io here, we are all at our wits' end with this.

Recommended answer

I've been hacking away at this too and I found something that works well to disable most/all of it.

Before this line:

%%GLOBAL_AdditionalScriptTags%%

Use this code:

<script type="text/javascript">
        window.bcanalytics = function () {};
</script>

So you will end up with something like this:

%%GLOBAL_AdditionalScriptTags%%
<script type="text/javascript">
        window.bcanalytics = function () {};
</script>

The <script> tags from part 3 of your question will still load as those are always PREpended before the first non-commented out <script> tag, but most, if not all, the analytics functionality will break, including external calls, and even fornax.js won't load. Hope this helps.
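The stub idea from the answer, generalized as an added example that is not code from the original post or from Bigcommerce: a locked, write-ignoring stub placed on the global before the loader runs, exercised against a condensed copy of the loader from the question. It assumes the global to neutralize is `window.analytics`, as in the question's snippet (the answer stubs `window.bcanalytics`); the function names, fake window/document and URL are hypothetical.

```javascript
// Added example: function names are hypothetical, URL and sample values are constructed.
const noop = function () {};

// Install a stub that ignores every property write and answers every call with a no-op.
function installAnalyticsStub(win, name) {
  const stub = new Proxy({}, {
    // "methods" reads as an empty list so the loader's loop runs zero times.
    get: (_target, key) => (key === "methods" ? [] : noop),
    // Swallow writes such as analytics.load = function () {...}.
    set: () => true,
  });
  // Non-writable and non-configurable: a later script cannot replace the stub.
  Object.defineProperty(win, name, { value: stub, writable: false, configurable: false });
  return stub;
}

// Condensed from the loader in the question: queue calls, then inject the library.
function pageLoader(window, document) {
  window.analytics || (window.analytics = []);
  window.analytics.methods = ["identify", "track", "page", "initialize"];
  window.analytics.factory = function (method) {
    return function () {
      const args = Array.prototype.slice.call(arguments);
      args.unshift(method);
      window.analytics.push(args);
      return window.analytics;
    };
  };
  for (const m of window.analytics.methods) window.analytics[m] = window.analytics.factory(m);
  window.analytics.load = function () {
    const s = document.createElement("script");
    s.src = "http://cdn.example.invalid/analytics.min.js"; // placeholder URL
    document.head.push(s);
  };
  window.analytics.load();
  window.analytics.initialize({});
  window.analytics.identify("921", { email: "test@test.com" });
}

// Run the loader against a fake window/document, with or without the stub in place.
function run(stubbed) {
  const win = {};
  const doc = { head: [], createElement: (tag) => ({ tag }) };
  if (stubbed) installAnalyticsStub(win, "analytics");
  pageLoader(win, doc);
  const queued = Array.isArray(win.analytics) ? win.analytics.length : 0;
  return { scripts: doc.head.length, queued };
}
```

The stub only neutralizes calls made through the global and must be defined before the loader executes; script tags already present in the served HTML are still fetched, as the answer notes.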
