天星网ClickJacking点击劫持分析
# J7 o! u. N9 g' P! Jhttp://www.21tx.com/ 天星网 3 W Y0 C2 _; |% z2 y% n
我得联系联系作者
% C$ G/ @* d5 {% ?3 ~9 _% I刚好打开这个站,发现第一次点击会弹窗,然后就不会,清除下COOKIE,又继续了,然后查看源代码,也没什么奇葩的。
$ O2 c% j) S5 C4 B# U1 b( hhttp://www.lxting.com/script/popup/v1_min.js
5 P8 `. N/ R0 A# b8 |
$ Z$ t$ I' f4 ]这个是锁定到底JS脚本,5 p" ]& Q% E" R1 f3 B
解密后的代码- (function() { 4 R2 ]3 \3 {/ W. B- l8 |/ W
- var aa_url = window.ytpp_url; & U5 c2 w9 ?- V- `
- var ua = navigator.userAgent; 9 X4 d* @9 D) J' P. J' k
- var form_div = document.createElement('div'); & a9 M* Y% k8 H
- var form_pd = 0; ( `1 w+ K3 W5 u7 F: L8 c+ z
- var browser = {
% A1 B! h1 ~& m( t- ?: v6 K - ie: /msie/i.test(ua),
5 l6 O* l0 r+ j& h1 i P - ie6: /msie 6/i.test(ua), $ X. {2 L" O1 X$ p
- ie7: /msie 7/i.test(ua),
# P/ \' u: |/ ~9 a2 Y I - ie8: /msie 8/i.test(ua),
+ F- e: U! x# o& F" { - ie9: /msie 9/i.test(ua), 2 j4 B e/ w5 I6 M& v! J# P
- 360 : /360se/i.test(ua),
3 V V7 e& J* z1 b - sogou: /;?se.+?MetaSr/i.test(ua),
# O' ?$ @ r/ y2 c0 B - maxthon: /Maxthon/i.test(ua), * @( E) U( r& S: u8 M+ p5 |
- tt: /TencentTraveler/i.test(ua),
9 z% y0 C. Z/ L1 Z& Y5 ? - ff: /firefox/i.test(ua),
6 I' R. ?$ l8 w* Z1 S- b. S# o: E) a - webkit: /AppleWebKit/i.test(ua),
7 s+ ]4 C& s/ I" t3 E- h8 B - opera: /Opera/i.test(ua),
, l/ k. X! {+ H/ Y& y' ^, s8 k1 O+ c" u - qqbrowser: /QQBrowser/i.test(ua), 0 g7 A& j: w9 }& A5 x( ~' v9 i4 w
- cr: /chrome/i.test(ua),
8 A3 k# B+ O% ^6 g, N - gg: window.chrome,
. e7 O0 g( ~7 K - theworld: /Theworld/i.test(ua)
( D' B k; L6 D8 N - }; ( Y4 r; s8 T2 t. {! |: E
- var _setting = ""; 0 t' x X% K- P/ o8 `4 m
- var _ct = 0;
0 g: ^' ^" Q, z) | - var _le = 0; 0 n" S4 @& C' Q
- var _pd = 1; U2 o1 H: Q3 d* P5 Y) d# Z9 k
- var _pd2 = 0;
* o4 f k5 P8 A' V3 q T - var _pc = 1;
& d( {% n1 s/ H6 a9 }8 m8 H, o - var _pc2 = 1;
$ s; p1 v0 t8 u8 b- Y - var _pco = 0;
+ r2 Q1 ^/ W3 e+ j - var _pta = 0; 7 a$ J) i# ]# [! X, G
- var _ptb = 0; ' [$ b8 D" S) ]! _2 c: Z7 B; k
- var _pt2a = 0; % I9 M+ d; V4 `" T" T
- var _pt2b = 0;
7 l# s% |9 D8 N! f* b - var _pt3a = 0; ( w# I8 \& V! {9 G+ [) G6 G! \$ B
- var _pt3b = 0; 6 X8 U% `% E4 ~3 H4 ]2 W
- var _pt4a = 0; 4 ~3 C+ S5 v8 S! R
- var _pt4b = 0;
0 z* w8 {0 M1 | R - var _pt5a = 0; ! J0 ?+ f) i' c$ }1 l9 s5 i) ~0 n
- var _pt5b = 0; 4 S( t- Z4 @$ y% y# I' `! `1 k
- var _pt6a = 0; ! G1 r6 u* i9 V/ m) g, k. T( y, A
- var _pt6b = 0;
8 E$ L, p" q4 R$ e, b, ~' o - var _pt7a = 0; 7 C) L- v3 `( k7 b, x, n8 [
- var _pt7b = 0; % t$ s5 _) \ g; ?* U
- var _pt8a = 0; 6 R0 c* y' B% x: i- L4 j# Y9 o( X! D
- var _pt8b = 0;
# O4 h0 a. n5 v1 V) i% ] - var _pt9a = 0; - V/ A; a$ [! \ d# u
- var _pt9b = 0; 2 l; F$ Y' U# b) [4 F+ y
- var _pt10a = 0; # q" }+ q5 z" P5 p# J5 H) A( b
- var _pt10b = 0;
# b- Q; S2 l. {1 K; W0 S( p4 l - var _po = 0;
! ?* g/ n6 |0 i - var _poo = 0;
- k: |& @. k* H6 b; l( [ - var ckn, ckt; 4 D, H" F2 e2 M/ l
- var ads = 0;
, b0 R# a5 v5 i/ [* v - function b(w) { k+ s& `1 J+ r' k1 n4 M" U
- var s = w + "="; : p* \$ Q3 m1 C! R, `9 n5 v' |2 w- p4 k
- var r = "";
% u, F; B6 C9 i. r. E* W4 A* v% U - var o = 0;
0 h9 l1 x+ q0 O - var d = 0;
0 D- |0 [0 I) h F T+ d - var p = document.cookie; 1 ]8 V! Y6 e5 }2 W. M- k
- if (document.cookie.length > 0) {
6 h' } b7 }9 o' ]3 u1 s% Q - o = document.cookie.indexOf(s); 4 t# X7 G. `' o3 u+ k
- if (o != -1) { / L1 r" L+ d( F& X
- o += s.length; 0 n5 H" _# l$ z% s; L
- d = document.cookie.indexOf(";", o);
% U2 V$ P1 K, y( D' Z - if (d == -1) d = document.cookie.length;
) B; H x, l) d5 U; f. f - r = unescape(document.cookie.substring(o, d))
" K F& j0 u3 ^4 s+ ]: O3 n - }
/ U' ]2 y, P X5 }" K - } - X( B$ g4 N3 j' C7 W
- return r 1 E9 k8 k; B$ j9 |0 ^. _
- };
" Z7 }1 k9 Z6 j; x5 a. I - function p(w, p, v) {
2 l, @! l" G3 C& q; x7 d- u7 S( z' w c - var t = 30; . A& L/ l% I) Q% k
- try { 8 s$ M' e1 L3 F
- t = parseFloat(p) * 1 2 V0 K5 I- d* Y' C+ a# n4 o
- } catch(e) { 9 m; g# x& d! Z z! J1 X
- t = 30
, e( N. R+ m- h- s4 { C+ a, E - } ) A0 M% c% t6 {+ U* E
- if (isNaN(t)) t = 30;
9 _! z' w" c0 v2 B5 g9 z - var then = new Date(); 8 j, `6 Z: K; d* e: a* {- L
- then.setTime(then.getTime() + t * 60 * 1000); + a8 _) b3 M- K0 X
- document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'; t9 B4 m2 H1 e k
- };
: s( y8 b: l# v* h+ F - function init() {
6 u9 q e& H+ @% J( |5 v6 [ - _setting = ytpp_sti; 4 Y, P9 Q' J: C% |& l+ x
- if (getp(_setting, "CT")) {
. T. Z7 G" @- D; k0 s - _ct = getp(_setting, "CT") 3 u' @* _# {. u! P. J9 T# v
- } . q, V ~6 U( I0 _6 ~8 x" b
- if (getp(_setting, "LE")) {
. Y+ L7 { @+ ^ b$ w4 M( T# K - _le = getp(_setting, "LE") 7 w) L$ w0 ^4 |) J6 V
- }
7 I0 k+ r+ [ u: @% u+ }0 d - if (getp(_setting, "PD2")) {
( k. m( q0 j$ ^: o - _pd2 = getp(_setting, "PD2")
: \. w+ u/ R# A8 l0 } - } / X$ R! p! z* C6 C, N
- if (getp(_setting, "PC2")) {
) T. E4 i2 P& \9 c" R - _pc2 = getp(_setting, "PC2")
: ]% s* w' D4 P+ z1 j( Z - }
/ V4 L6 l" r( c& I; q$ h) t - if (getp(_setting, "PCO")) {
$ s* t& O4 }$ F& B - _pco = getp(_setting, "PCO") ( s; l& Q3 q H( v) f5 `
- }
3 i$ t7 q8 V0 l: m; H' E7 J/ Y) c- }+ U0 f - for (var i = 1; i <= 10; i++) {
: @8 V d5 \) r8 b: D - var n = i == 1 ? "": i;
; b2 n, b0 c a* @ - if (getp(_setting, "PT" + n)) { 5 h" I/ `, l1 I3 w; |- w
- eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');");
5 P% h J- k* ~ - eval("_pt" + n + "a = _pt" + n + "[0];");
# N" W3 k5 u' \ - eval("_pt" + n + "b = _pt" + n + "[1];")
; B! ]4 C# g1 M - } ; T# K; ?7 N6 @; M, b& X0 k" F6 K1 z
- } ; v- H* R9 @$ j5 h0 x2 r$ X
- if (getp(_setting, "PO")) {
3 Z2 o" _( i" N7 F$ [7 m - _po = getp(_setting, "PO") " _; {3 {; i0 w* b
- } 7 W: \: C* K6 c
- if (getp(_setting, "POO")) {
$ t5 S# [7 W$ Z) Y - _poo = getp(_setting, "POO")
6 V4 W. V; j6 r# t- V) I - }
7 I$ u% R+ |) P - if (_pco == 1 || _poo == 1) { ) F; O& u* A' ]! t) Q# n: m# R( @
- if (_poo == 1) { 4 \. o" M6 Z1 m U) @4 C u
- _pco = 0
7 m% P9 i3 @$ `) j - } else { ) [6 W' Y) N# R; J6 o+ z
- _poo = 0
- \% p9 r' r- G0 ]6 }: `( i- v - } 4 d% v9 s7 P, z
- _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0;
0 D" J, c( V% c& S* ]7 d$ m. @ - for (var i = 2; i <= 10; i++) {
/ D/ m5 q; |9 F$ ] - eval("_pt" + i + "a = _pt" + i + "b = 0;")
& \# R' W9 K! ]4 B* ?9 v - }
( T; i' I1 s: o - } 0 T- V8 M1 v, [/ \
- };
% h3 V5 ]( _1 a4 P2 H - function getp(s, p) { ! L" D6 q7 i/ o# V g, _7 u
- var i = s.indexOf(p + ":"); / |( j2 ~6 P7 b' \- G
- if (i >= 0) { " C7 i0 D9 G; t. l/ h+ K8 e5 ^
- return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1) 2 `2 p: W/ E+ z. n( c, |% ?3 ~
- }
' a/ B+ L4 ?% Z9 R6 @ - };
, Z: _. j% u( f! l9 w" w' F - function event(e, event, func, act) {
6 h2 A- P( o; W8 x& u/ R - if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func); * Z; f& f9 C3 S b5 ?; t4 R+ P
- else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false) 5 C9 X1 Q" h) k& I* u# D* e4 g
- }
* l# {2 m& M4 [- j" F. `4 C - function pop(url, param) { 9 J0 n) L P- G
- if (!document.body) {
) P& m" ?* y% W+ V3 S2 K; F - return setTimeout(function() {
9 F: ?7 _6 p f3 ^- n! H - pop(url, param)
3 b4 _$ |5 f) R - },
5 U1 P) m) V/ u6 n$ L$ c - 13) ; c+ A: v. Q: V5 ]) h: K
- } & F. D [. J! z
- try { * ^& {3 V- m6 Y5 Z+ d2 v' r
- if (browser['cr'] && browser['gg']) {
( S$ W+ a1 t. z) u - try {
& V: ^( Z6 b9 e% E# U - hrefopen(url)
! |0 F* J1 ]+ f: X8 N - } catch(e) {
4 E! s, Z+ r0 W9 s9 F$ G/ s - a_pop(url) 7 C) R, Q- P i: U& b3 Q8 b* @
- } 3 v3 s) p7 S: Y
- } else if (browser['webkit'] && browser['maxthon']) {
) a, J# m; ]2 l. Z+ D2 H" f - if (!func(url)) {
, ^1 r) _3 V# c - try {
' h) l5 V f3 {) a+ E4 ] - form_pop(url); 3 `: h+ R8 t; |
- a_pop(url) : P6 P( j% [( m9 Z1 M& t
- } catch(e) {}
' W6 |7 k0 `, k6 [+ S - }
) Y0 q. q5 p! R! e! A+ ]# J2 f* }7 Q - } else if (browser['tt']) {
2 v5 r4 [' f1 s- D - try { 2 f( |" C# Z7 b; U+ d5 H7 @
- object_pop(url)
+ Z& V$ m- s" X! i% h - } catch(e) {
e) u7 x: r% F! |/ A- M - a_pop(url)
9 t" z) a* m) p - } 8 \9 A! t5 N! k8 [
- } else if (browser['sogou']) {
$ J5 {+ V. ~" D" x - if (!func(url)) {
7 b9 i# f. z) X7 ^ - try {
; f' @% _" C+ ~) b( A - a_pop(url) 3 K3 O. b# i9 p+ ?; E
- } catch(e) {}
& ? g/ Q! p9 U- k6 U- D - } - L- l, `2 [3 _) g
- } else if (browser['webkit'] && browser['qqbrowser']) { + |6 K! a! Y1 @8 v" u6 F
- if (!func(url)) { & _8 m ~8 h9 W1 v6 n' G3 y h0 g
- try { & c+ D' m, G1 r
- form_pop(url) ( \, g% r4 T: t3 z) t2 V; e% t
- } catch(e) {
! S" N$ T- r4 J' s$ w$ F' r - click_pop(url) / W# B3 ?5 f/ G0 m* C* N- q
- } ' E4 i. u! r0 ?: _ F, [* J! ~ V
- } ^6 W2 d7 L/ w, Q2 B" l8 a
- } else if (browser['webkit'] || browser['opera']) {
& b2 t" `6 w+ ^8 I8 A - try {
7 L6 k% j5 [' n; L5 I - form_pop(url);
4 C6 D0 N" I) J0 d( d - a_pop(url)
1 ?9 ]$ Z$ w4 l r% n. S' y' F( R2 q) j - } catch(e) {} / K; U( E8 J3 P# V9 r+ Y
- } else if (browser['theworld'] && browser.ie6) {
7 j/ `; N/ w" E# K - if (!object_pop2(url)) {
0 T( U- s) |- i) B - a_pop(url)
3 Q. z8 f K. X - }
: e# R& ~6 x+ ] r - } else if (browser['theworld'] && browser.ie8) {
( i) n* {8 j6 u& W, z* j - if (!func(url)) { 5 K3 {4 U3 A; f6 x$ n$ M
- try {
& w" I3 s& |3 ?, J$ k' \2 C7 z1 P - object_pop(url)
4 E% C9 S3 a# i' H; _+ Q# G4 l - } catch(e) { ' z6 B8 q( r: W+ N7 e# p
- click_pop(url)
3 [/ v8 A3 u4 q- h( S- \ - }
: W- c% o. I" E1 w+ J - }
1 c |7 o+ w- ?0 t' Q( T* n$ Z - } else if (browser.ie6) {
2 V# f4 {: h0 \6 q8 p; { - if (!func(url)) {
( K/ M. \* @2 ~! |0 |# u1 y - object_pop2(url) + L3 Q; M+ C4 G3 p. m5 Z
- }
4 W+ A# X3 r: }, J* U2 B - } else if (browser.ie8) {
( a8 |8 C5 W( B) J; W5 f( D - if (!func(url)) { ! H& I5 T6 n8 h# h' Q" r: t
- try {
! f- }$ F* K& A - object_pop(url) 0 n% y: O" Q5 e
- } catch(e) {
( r/ Y1 ]* E" V1 r& a9 ? - document.onclick = function() {
" D' R7 D: F* u8 |5 _! k - func(url); 3 m8 v% f: w7 o7 V j4 T
- document.onclick = null5 W! ?; O6 O g! t
- } ' }- |0 v) z1 x: @
- }
$ m, q! R, h+ R8 P6 s& b - } 1 U0 I) A% b' L
- } else if (browser['ie']) { : K9 \) W/ v1 {, P
- try {
1 y2 C! n8 A# F6 i# s! R - object_pop(url)
! b6 X8 n% m$ K! t - } catch(e) { ! V( T) M, D+ M) ]6 q# y0 Y# t
- click_pop(url) 3 c6 P) Q; x! n3 V6 ^
- } 2 G0 J' w- V! D* ]; g0 z* f
- } else if (browser['ff']) { , @. C9 U1 u4 P
- if (!func(url)) { / J! E* b/ W/ \ Y" {& f, `
- click_pop(url) 8 p; U0 r! z" j1 h1 E( |5 s
- } # ~9 n3 h7 E1 j: H& s3 r8 C3 t
- } else { % y+ i6 B0 E# i) a; `# ?
- if (!func(url)) {
; F( m8 r9 M9 l4 V* H9 s4 \ - click_pop(url) ) C* k5 G2 t4 ]6 Z" e
- }
2 s7 ?; z1 B/ m - } 6 X' J$ d* o8 C5 m' [9 D( B
- } catch(e) {
$ i4 j- M2 |' Q% M( t% v! N N - if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) {
5 S4 y5 i+ ?; z" I! ` - click_pop(url) `6 W( S& Q# F* U* A+ |2 V
- } else { 7 C7 M8 q% H1 k v, S
- a_pop(url)
3 u% w$ o; d, s5 d H, A - }
: y! O0 m' x( W* t9 | - } " L, ~: M* e9 I2 y; q
- }
1 c: Q4 w8 k! s4 p, _& t2 Y( v7 V - function object_pop(url, param) { 8 q$ A5 }7 f$ H
- var object = document.createElement('object');
8 s2 u& L+ b6 z; h# M - object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6');
; I/ N6 l9 v* }# C) W# J - object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;';
6 g. B5 h2 t# x4 \+ r ] - append(object);
% I: O" M- d8 ~* ` b+ N& ~ - object.launchURL(url); - {% z9 M- k9 ?7 S
- ads++; 4 ^/ J. |6 ]& W, W" G" x; J" C0 l
- p(ckn, ckt, ads) . N+ O) E. l! I& s" g) o& I4 S
- } & {9 p+ I3 S" C; N! z
- function object_pop2(url, param) { 2 e* L5 N) o7 o0 C; r
- var object2 = document.createElement('object');
. R r& x6 p1 Q9 m( f - object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A'); & v; i. r9 n8 z5 W+ g
- object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;';
, W; n* L* Y- R* M* E/ x - append(object2);
l0 J" D5 y/ L; V, W - for (var i in object2) { / A# l7 S" K, ^
- try { (function(o) {})(object2[i])
! t6 D8 J7 z4 ~1 Y$ d) w+ E; ` - } catch(e) {}
3 b; K) x8 {- u8 D - } ! ^9 @4 ] a4 `% M* J
- setTimeout(function() {
O1 K2 ` z* C. \( p - object2.DOM.Script.open(url, '_blank', '')
7 a' v6 _8 |8 T+ r3 h/ ?8 [ - }, ( Q8 f2 F0 `+ F2 J$ O2 v+ E
- 500); 1 ^2 P5 J# d. X5 S: O$ x- h
- ads++;
1 \; ~4 Q: W0 k4 p& r! F/ E x" e - p(ckn, ckt, ads)
0 W9 p, t/ F( r1 z% h) r - }
- d+ E' J$ z& K+ v$ l# T, h4 ]& O - function append(e) {
$ k8 z9 b' \! I7 i( z - for (var t in {
6 S& |5 a7 T" t3 @% Z2 v - body: 1 + c% G( Y* i: x+ |0 V
- }) {
, k% \7 s& k& Z! r - var ele = document.getElementsByTagName(t);
+ n# i. }- k8 {* o2 e. v5 Q - for (var i = 0; i < ele.length; i++) {
) O1 Y( o1 b' @. M* u, X4 i+ G6 V - ele[i].insertBefore(e, ele[i].firstChild); ' s1 ^- u3 _( m. s2 {! W2 h
- return5 z3 v$ ~; _1 h4 K8 V
- }
/ G& R7 y' U. m- B- J: i - }
; t$ p3 s# K3 ^' O' k4 ` - } # C; w) u+ |/ f8 {$ a: T- j
- function hrefopen(url) {
5 E: y6 c4 z( o - try {
% S2 y! `- e2 V9 b4 {5 s# u* g1 M - var c = document.createElement("a");
- {/ O" E0 P3 i - c.setAttribute("href", url);
5 n# J2 V! R; F - c.setAttribute("target", "_blank"); * i3 x _4 s Y" O
- c.setAttribute("style", "display:none;"); 4 c5 }3 z; Q, [" B7 X
- var b = document.createEvent("MouseEvents"); - o8 q$ Y6 u& E( x5 i3 ?* {8 X
- b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
& P1 g% u$ v9 O( z - c.dispatchEvent(b);
; @7 H. v4 Q8 O, R4 f2 G/ c2 b - ads++;
" g# j$ m% Y( h: o - p(ckn, ckt, ads);
9 x& ?3 z0 c* A* h8 x. @ - return true5 u8 y# w. X |, Q+ ~6 O
- } catch(q) { 9 ^/ b+ G2 O: p2 e$ n
- return false
j: X3 k* q9 b9 E/ ^3 b( l - } 5 O# ]" u4 Y7 K; W: }' L$ ~/ p1 U
- }
' h2 ~2 A8 m! q - function form_pop(url) { $ N( O' L" J% a% z0 E
- form_div.setAttribute('id', '__unionsky_push_d_object_box__');
" N" x, L5 n+ K4 i3 c4 l$ t - form_div.setAttribute('style', 'display:none'); 8 R: L# B( z2 T# X
- var form = document.createElement('form');
) L5 ^7 a7 d' f0 l5 ~ - form.setAttribute('action', aa_url); ) p: S' ~$ \, N6 j, W' u4 |4 N
- form.setAttribute('method', 'post'); 8 k& |7 o& @% x1 t2 Y |. l9 M
- form.setAttribute('name', '__unionsky_push_d_form_box__');
, [" ]: s8 J0 \, N+ L - form.setAttribute('target', '_blank');
! h/ @- S, X* J) k5 d1 g+ s - form.setAttribute('style', 'display:none'); * ^6 @2 L3 x5 s5 g- V* C
- var sinput = document.createElement('input'); ) v& q; p8 M4 U% c) _ H0 e7 z$ {
- sinput.setAttribute('style', 'display:none'); V# J/ j R! {" |! O- t0 j1 y
- sinput.setAttribute('type', 'submit'); 2 k) y% p9 N$ |% I8 y
- sinput.setAttribute('id', '_sumit_2app'); 2 ^( G3 @* r3 F8 U: p
- form.appendChild(sinput);
' `7 j! H; D) r, X7 [$ b% v - form_div.appendChild(form); 1 Y2 X7 g- e2 t; x
- append(form_div); 6 H. t) j' w; ~1 Z ` B, M
- var unionsky_from = document.forms["__unionsky_push_d_form_box__"]; ) D2 ]( |" | n+ O. R( t3 v' j
- try { 2 C* E9 s6 x# D7 {# z
- document.getElementById("_sumit_2app").click() * T$ @4 t p. \6 X3 r* ?& O8 t, T9 F
- } catch(e) { 5 b K: ~2 v6 [% w
- event(document, 'keyup', ) ?* K0 l% T( m. h
- function(e) {
* J k. Q1 |& K) ], `, ^+ \1 T - if (document.getElementById('__unionsky_push_d_object_box__') == null) {
/ F) Y2 ]; _6 K - return
( l) \( |* A& Y- H" O - };
) V4 I2 o9 q7 S; P - e = e || window.event; * e* ] E, Z }3 ?* {8 e x5 |) a
- e.canceBubble = true; ' l: k$ k" w+ H. p8 `- e. p
- event(document, 'keyup', arguments.callee, true); ! f/ J3 |9 c) h4 @4 k, s, b9 ]1 y \
- form_pd = 1;
8 F6 M p. d3 T& F - unionsky_from.submit() : H7 S7 C- F4 \7 [2 C
- })
& D7 K9 L+ G. l - }
6 X$ }, L% ]7 R. M - }; 9 g2 N( w. e! i3 n, m3 j
- function click_pop(url, param) {
0 n& L! K4 v6 L; d- ?7 ` - event(document, 'mouseup',
) N' t4 B' t4 ]# ]# G - function(e) { . z" I; F; X! P9 j' e' @
- e = e || window.event; ( I$ |5 F8 u3 A
- e.canceBubble = true; , q$ v, I# o$ P R) m
- event(document, 'mouseup', arguments.callee, true); 4 W6 {2 m! w2 L' u/ M
- func(url, param);
' m6 s" A- z" W5 m6 L+ k - ads++; $ z3 U6 Z0 I8 L3 V$ \2 k5 p3 b
- p(ckn, ckt, ads) 0 y7 d0 G9 g: J! `0 J7 I0 s
- })
y0 k2 ^% n0 L - }; * ?( q# v0 w3 a$ A
- function a_pop(url) {
: r: G% Q' L. X& Y1 V! W - if (ytpp_plid == 166028) { 6 x+ |8 i1 U. R& T
- return
2 U# b0 W' Z' \3 K/ v - }
0 m) P$ E4 P) }! W. c. T0 Y1 |8 u1 A - if (!document.body) {
. `5 ^1 o8 n. T* D+ U* i - return setTimeout(function() {
- u1 _: C; T- F9 Q2 E - a_pop(url)
# }: r/ V) O: f3 V, ~" ^ - }, / \( K/ k7 m$ E Q& k6 l% i
- 13)
3 S/ f5 w& b. D; G: y: R - }
( |3 x ^$ N8 q - var a = document.createElement("a");
; t* c7 f, @# S; |+ d7 s8 b! L- f - a.href = url; ! P: y4 B% H M' q
- a.target = "_blank";
0 @1 M0 k" I3 d0 O3 [ - var div = document.createElement('div'); , X1 G* Z# l% j! X
- div.style.backgroundColor = '#fff'; 2 L& Y7 @; g- e& j0 `6 j
- a.appendChild(div);
$ D J- {9 X7 L. L4 d$ g# G - append(a);
' D0 i! x- d5 h9 r1 O - var as = a.style;
/ Z, z: \6 f2 ?/ I/ S6 H& s - as.position = "absolute"; 5 I9 A: w! ]. m- m" z8 s
- as.zIndex = '2147483647'; 4 g8 A5 v3 h! y. o$ q9 E9 \
- as.display = "block"; 8 C' T' g' f, x2 j/ d, }
- as.top = "0px"; 1 J k+ R6 l3 ~
- as.left = "0px";
0 q$ x y1 [3 j# r2 a& {4 U! X - as.cursor = 'default'; - x, Z7 Q2 I$ {# }) z' x# D9 w4 P
- as.opacity = "0"; 6 _" j& e! S1 @6 D5 M* j8 k
- as.filter = "alpha(opacity:0)";
4 P; ~6 @+ a$ b) F( H9 W2 Z- d - var m = setInterval(function() {
$ [* r- E0 t: s" T; m3 A - if (form_pd == 1) { ! k# K3 y% B& f% ~3 k; E
- a.parentNode.removeChild(a); * I9 @$ w" T5 O
- clearInterval(m); 7 Y" P2 O# | n1 [# ~
- return
: l0 R5 l2 r& |/ B) \ - } , C9 T, o/ Y( L6 A4 f' H6 D B2 ]
- a.style.zIndex = '2147483647';
( [) O" v& `; p) d9 X+ v1 Y' T. B6 F - var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body; 4 |/ I' Q( w# E( ~/ r
- a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px';
% V; S( c2 @' i1 _8 n: |7 g - div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px'; 9 o2 O+ B( j* J+ D9 q5 q- |) _
- div.style.height = d.clientHeight + 'px'; 0 u1 x) _; f: n% j
- if (browser['ie']) { ' A" k% L' P1 [
- try {
! ~8 R D* \1 I) w( n! W! s* w. M, W! U - var divs = document.body.childNodes;
; F: n2 {) V4 h1 {: f( @2 r* ? - for (var i = 0; i < divs.length; i++) { + k5 `% P+ g/ V
- if (!divs[i]['style']) { " U( K3 M8 j% `1 X
- continue
0 { q. \5 V! \% S" @! r$ ~( | - } , \' ^: @' g8 @. u; C e6 r* f
- var _i = parseInt(divs[i].style.zIndex); ) K) s' s4 r3 h+ q$ d: {) e
- if (_i && divs[i] != a && _i == 2147483647) {
6 h. g C7 u" @! M) M - divs[i].style.zIndex = _i - 1
- F U. Z( f- {1 c1 A* Q+ g - } - y6 G% S$ T1 c8 p
- } ; ~ k# r7 P1 @5 X8 M' ]9 |
- a.style.zIndex = '2147483647'$ K& ]) z$ L9 ?; T
- } catch(e) {} ) F' o/ N# K% j6 _2 k' q
- }
1 h0 Z$ P" u4 e7 i- y - },
H7 u2 d$ ^" V& v - 120);
4 ]- z8 t G; m% y - a.onclick = function(e) { . L6 _6 P0 y. C
- if (document.getElementById('__unionsky_push_d_object_box__') != null) {
: J3 W* l1 q/ R6 d4 l# A! p - form_div.parentNode.removeChild(form_div)
( D% x- E- S4 Z7 C% u - } ) A2 F! D5 E7 z6 @* j9 e
- e = e || window.event;
/ A! ~5 o! ?$ a* t- |2 \ - e.cancelBubble = true;
7 p" e+ v8 o( S6 d+ T9 Z" J - setTimeout(function() {
1 b' H+ J, @$ Y$ W" a - a.parentNode.removeChild(a)
+ u, O9 V8 ~# ]9 \; a/ _ - },
9 m ^$ K6 t# ^- b9 B - 200);
+ b! g0 O7 u% T( H. R& Q! x - clearInterval(m);
; y) J# |3 I; g( y+ v. U5 w - ads++;
3 F; S8 g( ~6 v8 d4 x1 q - p(ckn, ckt, ads)
6 ~2 }) ^# T3 h; V7 f6 X2 {% U* m - };
) Z+ U% d$ i& m1 y - event(a, 'mouseup', + u* d( |$ _; f, C( O+ m5 k; `( e
- function(e) {
/ ~6 {8 g% O4 S0 |' d1 | - e = e || window.event;
+ n; g1 h" U' ^5 {. o6 R$ w - e.cancelBubble = true+ V& N5 D- F: K' R. }
- })
0 }2 x# V0 b! L7 V; q! s5 H - } ! @; t& S" m `, X7 [$ ~$ Z
- function func(url, param) { / ^3 y( V- X/ I( i4 U
- var f = window[String.fromCharCode(111, 112, 101, 110)]; 1 E1 |. ?! d4 C l
- var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height);
; v* ], b% W5 }3 }, u F - if (w) {
/ N+ F+ D' ?! v) P) z - ads++; ; W7 C4 H9 k* J" R ^# y5 T
- p(ckn, ckt, ads) 1 D! i7 L. y# V/ w) d' q
- };
1 d- s x9 Z$ h& d# I - return w ) r# f t. O" S8 q
- } . g2 e& p! v2 M1 Z) Y' o
- function fstart(url) {
1 \8 o. N0 T8 j/ ]0 ]5 I' e - init(); 0 a& t- \+ @' j9 |9 R/ D
- if (_ct >= 0) {
/ ^8 {3 M, |2 E! {! F - ckn = "YITIAN_NUM"; / O0 C: `0 J& v" i4 t" |: K7 }
- ckt = _ct
4 C! } ~7 x9 Z' }8 Z+ K/ ^ - } else { - _$ V) n4 W& j4 ~8 Q/ @+ Q+ C# `4 G
- ckn = "YITIAN_ALL"; 7 D# y5 R5 P0 J' O x: p% m
- ckt = Math.abs(_ct)
2 }& o$ A0 ]/ T3 o0 Y$ `# O, I. K l/ C, S' g - } 5 p( Y$ s1 [/ \" N4 [
- if (ckt > 0) { 0 @, e' D, p1 T G- _; _+ a
- if (b(ckn)) { * ~$ p2 n. W2 M" D; W& e" S
- try {
6 n. x2 W9 E9 I' q- y' V% V) ~/ k - ads = parseFloat(b(ckn)) 3 W% F# v3 R7 M7 S6 a: J
- } catch(q) {}
* L4 W% O& c3 |9 z" j* x8 L - } 9 F& A, c3 u& C4 k
- }
N2 v% Z L) ^ e B6 `5 W - if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) {
, P: e/ z1 m( n& @$ z- M: e - return7 P# ? [% R5 ]
- } else { 4 A @3 m3 o5 o5 ?: C
- if (_le > 0) { 9 {$ _, K8 ?$ S: @
- setTimeout(go(url), _le * 1000) * Y( e }" r x+ h# h' O+ m
- } else {
; V+ l ]# k5 B; X - go(url)
2 U3 h0 m6 J. i. I - }
5 }6 ^# z7 |: P4 K2 n - }
: ~9 D1 t( P1 N6 }% Q - }
& {% W5 X0 J& _7 i - function go(url) { % ?- K/ u& j6 `: \/ ^
- if (_poo == 1) { . W! E) |2 m* U6 x- I3 P; w
- try { 4 G( s% Z" f! V: U& {
- func(url)
! Z- ^2 N& R' B4 }) ?# v% }4 m - } catch(q) {} * ]2 G. w9 N. z
- } else if (_pco == 1) { 2 B& s* T0 F- e0 \. |5 v5 y/ j
- a_pop(url)
B6 [2 L/ l: o$ e- v2 ?5 F - } else {
( C7 K( t% b' i" e. A - if (_pd == 1) { 5 c C4 D/ F; Z+ s, i
- setTimeout(function() { ' D6 L" q. j+ |0 M* A% K
- pop(url, {
+ h) m4 h. f: H! j; v$ M - a: 1,
. Z% k: M8 ?9 f! n7 ~ - b: 2 & U1 j$ `8 e2 E3 a
- }) ; }4 }. e3 q3 Q
- },
$ v( [3 S: I5 o6 s! q1 r - 300) & Q( Z) \# Z( M! ]
- }
- U- y% c0 x/ ?, U% E - if (_pd2 > Math.random()) {
% H- t; m O$ x5 B5 r( t/ B - setTimeout(function() { ; Q; w! ]2 x9 _/ h( U
- pop(url, { 5 Y" q k! ]% \% c1 a' `* H, i9 e
- a: 1, ; \; a7 g; l8 k. n7 y# ?: w
- b: 2
' H# f5 Z! D9 A+ W - }) ) t0 Q/ n) r; p3 S/ O! B: K y
- },
, J+ I$ P% z2 U/ T/ H - 300)
. b( q3 N4 e( |( H9 a, C - } ' R% w7 {" P3 O- ^9 E" \; o
- for (var i = 1; i <= 10; i++) {
, \, p. `( Q+ ?3 D# g$ } - var n = i == 1 ? "": i;
/ b5 l/ J% X1 X - if (eval("_pt" + n + "b") > Math.random()) {
. s. ?! j- e* \ - setTimeout(function() { " k/ j$ i8 s1 V5 [1 Q2 Q& O+ v+ f3 l
- setTimeout(function() { g- t0 ~( V! I, V
- pop(url, { : @0 j) B1 ]# G2 [2 G
- a: 1, . U8 ~ L2 T! }; l% S
- b: 2
( L* f6 _6 n$ Y M3 ~ - }) ( x0 v+ @; V7 }) E
- }, & u) T; h2 h/ }9 A ^
- 300) 2 a4 }9 P; E6 S- Z( {0 w0 l9 `
- },
1 M l* w: \) c - parseInt(eval("_pt" + n + "a")) * 1000) 8 G' _( A/ x3 U1 [; n
- } 6 ?2 s9 A# v: k' @3 B
- }
' h0 v" B# R( `+ r4 V7 H - if (_pc2 > Math.random()) {
! V% q( {- x @ ] ^+ I$ R - a_pop(url)
" A6 } L g1 j5 c& s* r - }
0 d- [1 u9 t9 q) n$ D - if (_po > Math.random()) { 0 O$ t+ z6 [, H+ N
- try {
6 |# Q( Z1 C5 M# ~7 h8 @ - func(url)
! G W; o r+ }( T( ]% \& u3 d% V' s - } catch(q) {} 6 Y$ X( L+ m, {+ t# G
- } & {1 {5 v/ K. x
- } # |# g' h8 r# j( P
- };
2 _! }8 \% n# r; d - fstart(aa_url);
/ K" ~4 k2 V# @2 V( V' }5 S - event(window, 'beforeunload', - b& a, s2 L* ~ d8 E& W) i$ E
- function() {}) + F ?; x9 A% h0 i
- })();
URL从这里产生 M6 ]6 A3 E1 O& `6 _" ~ i0 q
$ Z" A4 T# o# n2 o+ ], `
http://play.unionsky.cn/show/?placeid=1418303 Y5 y( C& z7 i1 Z% C7 v
- X' e, e7 q# {" O; E& X# ?4 U$ j" c- v3 X: q, @
|
发表于 2013-12-17 15:03:03
楼主
D:1
发表于 2013-12-17 15:31:30
发表于 2013-12-17 16:34:22
发表于 2013-12-17 19:34:38
