HTML注入到别人的网站? [英] HTML injection into someone else's website?
问题描述
我想向客户演示我的技术,而无需实际修改其实时网站。为此,是否可以配置 http://stackoverflow.myserver.com/ 它反映了 http://www.stackoverflow.com/ ,同时无缝注入我的按钮?
这意味着,我想演示在实际网站上使用我的按钮的体验,而不必在服务器上重新托管客户的数据库。
我知道这里存在安全问题,所以只要我们符合要求,随时提及它们。我不需要为使用HTTPS的网站演示此功能。
更具体地说,我想演示关于Stackoverflow的财务奖励的想法通过在页面中注入贝宝按钮来提问。如何在不修改 http://stackoverflow.myserver.com/ 的情况下演示此功能https://stackoverflow.com/\">https://stackoverflow.com/ ?
重新请求:I根据您的要求重新提出了这个问题。如果您仍然认为它过于宽泛,请通过在下面发布评论来帮助我理解您的推理。
更新:我发布了一个后续消息, 如何重写Javascript代码引用的URL?
UPDATE2 :我放弃了bookmarklets和Greasemonkey的想法,因为它们需要客户端安装/修改。我们需要尽可能无缝地完成这个过程,否则很多会被过程关闭,并且不会让我们间距。
- 随时重写HTML和JS文件。所有其他资源由原始网站托管。
- 对于HTML文件,注入一个
< base>
标签,指向该网站被重定向。这将导致浏览器自动将相关链接(HTML文件,CSS文件甚至Flash!)重定向到原始网站。 - 对于JS文件,将正则表达式应用于修补指向写入URL的特定代码部分。我在浏览器中加载重定向页面,查找损坏的链接,并找出需要修补哪部分JS以解决问题。
这听起来比实际情况困难得多。平均来说,修补每个页面只需不到5分钟的时间。
最大的发现是< base>
标签!它代表我改正了绝大多数的链接。
I've got a product that embeds into websites similarly to Paypal (customers add my button to their website, users click on this button and once the service is complete I redirect them back to the original website).
I'd like to demo my technology to customers without actually modifying their live website. To that end, is it possible to configure http://stackoverflow.myserver.com/ so it mirrors http://www.stackoverflow.com/ while seamlessly injecting my button?
Meaning, I want to demo the experience of using my button on the live website without actually re-hosting the customer's database on my server.
I know there are security concerns here, so feel free to mention them so long as we meet the requirements. I do not need to demo this for website that uses HTTPS.
More specifically, I would like to demonstrate the idea of financial bounties on Stackoverflow questions by injecting a Paypal button into the page. How would I demo this off http://stackoverflow.myserver.com/ without modifying https://stackoverflow.com/?
REQUEST TO REOPEN: I have reworded the question to be more specific per your request. If you still believe it is too broad, please help me understand your reasoning by posting a comment below.
UPDATE: I posted a follow-up challenge at How to rewrite URLs referenced by Javascript code?
UPDATE2: I discarded the idea of bookmarklets and Greasemonkey because they require customer-side installation/modification. We need to make the process as seamless as possible, otherwise many of get turned off by the process and won't let us pitch.
After playing with this for a very long time I ended up doing the following:
- Rewrite the HTML and JS files on the fly. All other resources are hosted by the original website.
- For HTML files, inject a
<base>
tag, pointing to the website being redirected. This will cause the browser to automatically redirect relative links (in the HTML file, CSS files, and even Flash!) to the original website. - For the JS files, apply a regular expression to patch specific sections of code that point to the wrote URL. I load up the redirected page in a browser, look for broken links, and figure out which section of JS needs to be patched to correct the problem.
This sounds a lot harder than it actually is. On average, patching each page takes less than 5 minutes of work.
The big discovery was the <base>
tag! It corrected the vast majority of links on my behalf.
这篇关于HTML注入到别人的网站?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!