<iframe id='myIFrame' src='x1.html' onload="fun1()"></iframe>
<p id='2'>I am 2.html.</p>
<p id='p'>hello world.</p>
<script>
function fun1(){
  var myframe = document.getElementById('myIFrame');
  // Hide the element with id 'p' inside the framed document (works only when the frame is same-origin)
  myframe.contentWindow.document.getElementById('p').style.display = "none";
}
</script>
<!DOCTYPE html>
<html>
<head>
<style type="text/css">
#img1
{ position:absolute; left:0px; top:0px; z-index:-1 }
</style>
<script>
function changeStackOrder()
{ document.getElementById("img1").style.zIndex=1; }
</script>
</head>
<body>
<h1>This is a Heading</h1>
<img id="img1" src="bulbon.gif" width="100" height="180">
<input type="button" onclick="changeStackOrder()" value="Change stack order">
<p>Default z-index is 0. Z-index -1 has lower priority.</p>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<style type="text/css">
#message {
color: #ffffff;
background-color: #ff0000;
border-width: 10px;
border-color: black;
border-style: solid;
width: 100px;
height: 50px;
padding: 50px;
}
</style>
<script type="text/javascript">
window.onload = function(event) {
document.getElementById('toggle').onclick = function() {
var message = document.getElementById('message');
if(message.style.display === 'none') {
message.style.display = 'block';
}
else {
message.style.display = 'none';
}
};
};
</script>
</head>
<body>
<button id='toggle'>Toggle the visible status</button>
<hr>
This is a text! This is a text! This is a text! This is a text! This is a text!
<div id="message">Message 1</div>
This is other text!This is other text!This is other text!This is other text!This is other text!
</body>
</html>
<script type="text/javascript">
window.onload = function(event) {
  document.getElementById('toggle').onclick = function() {
    var message = document.getElementById('message');
    if(message.style.visibility === 'hidden') {
      message.style.visibility = 'visible';
    }
    else {
      message.style.visibility = 'hidden';
    }
  };
};
</script>
<script type="text/javascript">
window.onload = function(event) {
  document.getElementById('toggle').onclick = function() {
    var message = document.getElementById('message');
    if(message.style.opacity == 0) {
      message.style.opacity = 1;
    }
    else {
      message.style.opacity = 0;
    }
  };
};
</script>
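if(top.location != self.location)      // check whether the topmost window is this page
    parent.location = self.location;   // if not, replace the parent with this page
<body onUnload="javascript: cause_an_abort;)"> <!-- on detecting that the page is about to be replaced, the attacker uses code to stop the replacement -->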
<script>
window.onbeforeunload = function() {
  confirm("Do you want to leave? ");
  return "hi there";
}
</script>
<body>
<iframe id='myIFrame' src='p2.html'></iframe>
p2 is framed.
</body>
if (top.location != location) { if(document.referrer && document.referrer.indexOf("walmart.com") == -1) { top.location.replace(document.location.href); } }
if (window.self != window.top && !document.referrer.match(/https?:\/\/[^?\/]+\.nytimes\.com\//)) { self.location = top.location; }
<style>body {display:none;}</style> <!-- do not display the page content -->
<body>
I'm not framed!
<script>
if(self==top) { // confirm this page is the topmost window
document.getElementsByTagName("body")[0].style.display='block' // make the content visible
}
else{ // if the page cannot break out of the iframe, it stays hidden
top.location = self.location;
}
</script>
</body>
header("X-Frame-Options:DENY");
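The `X-Frame-Options: DENY` header above moves the defence from page script to the browser. As an added example (not code from the original article), the JavaScript function below classifies which anti-framing protection a response's headers declare; it goes beyond the page by also reading the CSP `frame-ancestors` directive, and the function name, return shape and sample header sets are constructed for illustration.

```javascript
// Added example (not from the original page): classify the anti-framing
// protection a response declares. Header names are matched case-insensitively.
function framingProtection(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }

  // CSP frame-ancestors, when present, is enforced instead of X-Frame-Options.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const list = sources.map((s) => s.toLowerCase());
    // An empty source list behaves like 'none': no ancestor may frame the page.
    if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) {
      return { policy: 'deny', source: 'csp' };
    }
    if (list.includes('*')) return { policy: 'none', source: 'csp' };
    if (list.length === 1 && list[0] === "'self'") {
      return { policy: 'sameorigin', source: 'csp' };
    }
    return { policy: 'allowlist', source: 'csp', ancestors: sources };
  }

  // Fall back to X-Frame-Options. Only DENY and SAMEORIGIN are honoured by
  // current browsers; ALLOW-FROM and unknown values give no protection.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return { policy: 'deny', source: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { policy: 'sameorigin', source: 'x-frame-options' };
  return { policy: 'none', source: xfo ? 'x-frame-options (ignored value)' : 'absent' };
}

// Constructed sample responses (not captured from any real site).
const samples = [
  { 'X-Frame-Options': 'DENY' },
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://partner.example" },
  { 'Content-Type': 'text/html' },
];
for (const s of samples) {
  console.log(JSON.stringify(s), '=>', JSON.stringify(framingProtection(s)));
}
```

A result of `none` means the page relies entirely on script-based frame busting like the snippets above.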
Web Information Security Practice_5. Clickjacking (click hijacking)
Original article: https://www.cnblogs.com/tianjiazhen/p/12235919.html