Comments (2)
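Concept
ISP hijacking is when a carrier (a certain Mobile, a certain Telecom, a certain Unicom) hijacks users' traffic in order to sell ads or for some other economic gain. There are two common kinds of hijacking: DNS hijacking and HTTP hijacking.
DNS hijacking
DNS resolution returns a wrong IP address, steering the user to an ad page or some other malicious site.
This method seems to be regulated now.
HTTP hijacking
In HTTP hijacking, DNS resolution is fine, but while the user and the site are communicating, the carrier hijacks the user's request and returns a script of its own to the user, inserting things like popup ads into the page. Alternatively, the carrier caches the target site's response resources on its own servers; when users later request that site, it routes them to the carrier's own server and returns the cached resources directly without requesting the target server, which saves traffic.
HTTPS hijacking
I don't understand this one.
Defense
For the specific behavior of the carrier inserting content into a normal page, you can use: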
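- A CSP script-src directive that sets an allowlist
- Overriding document.write() plus allowlist filtering, so that unknown <script> tags cannot be inserted (though document.write() is not the only way to insert elements)
- A MutationObserver that watches for DOM changes and removes any abnormal node it finds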
Other:
I don't know.
Engineering practice
I · don't · know · how.
from fe-interview.
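An added example, not part of the comment above or of the fe-interview project: the MutationObserver idea from the defense list, with the allowlist decision kept in plain functions. The allowed origins, the function names and the choice to reject inline scripts are assumptions made for illustration.

```javascript
// Added example: allowlist check plus MutationObserver cleanup.
// ALLOWED_ORIGINS and all function names are assumptions for illustration.
const ALLOWED_ORIGINS = new Set(['https://example.com', 'https://cdn.example.com']);

// Decide whether a <script> node is acceptable.
// An inline script has no src, so there is no origin to check: reject it.
function isAllowedScript(node, baseHref, allowed = ALLOWED_ORIGINS) {
  const src = node.getAttribute('src');
  if (!src) return false;
  try {
    return allowed.has(new URL(src, baseHref).origin); // resolves relative URLs
  } catch (e) {
    return false; // unparsable src
  }
}

// Collect <script> elements in an added subtree, including nested ones.
function findScripts(node) {
  if (node.nodeType !== 1) return []; // skip text and comment nodes
  const found = node.tagName === 'SCRIPT' ? [node] : [];
  return found.concat(Array.from(node.querySelectorAll('script')));
}

// Process a batch of MutationRecords; returns the removed nodes for reporting.
function sweep(records, baseHref, allowed = ALLOWED_ORIGINS) {
  const removed = [];
  for (const record of records) {
    for (const added of record.addedNodes) {
      for (const script of findScripts(added)) {
        if (!isAllowedScript(script, baseHref, allowed)) {
          script.remove();
          removed.push(script);
        }
      }
    }
  }
  return removed;
}

// Browser only: watch the whole document for inserted nodes.
if (typeof MutationObserver !== 'undefined' && typeof document !== 'undefined') {
  new MutationObserver((records) => sweep(records, document.baseURI))
    .observe(document.documentElement, { childList: true, subtree: true });
}
```

The observer only sees a node after it has been inserted, so an inline script may already have run by then; treat this as detection and cleanup alongside the CSP script-src allowlist.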
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from fe-interview.