天星网ClickJacking点击劫持分析
# U8 ], f! @' }& i1 Bhttp://www.21tx.com/ 天星网 1 a% e% c3 O- q$ A( Y
我得联系联系作者
{! V; e* [( {" l) ^刚好打开这个站,发现第一次点击会弹窗,然后就不会,清除下COOKIE,又继续了,然后查看源代码,也没什么奇葩的。
. M: Q, f3 A- m! v6 ghttp://www.lxting.com/script/popup/v1_min.js
" ~+ I# U: _$ w. O5 m9 U' g- ]6 N$ b6 u
这个是锁定到底JS脚本,! v' H ]' _6 Z- f8 \
解密后的代码- (function() {
( z3 n; R5 u5 h8 A - var aa_url = window.ytpp_url;
9 A0 k7 D0 H8 s/ y+ N - var ua = navigator.userAgent; 7 `: q, e) `. J% V
- var form_div = document.createElement('div'); ) v4 V2 b* T$ M& Q' F
- var form_pd = 0; 6 t6 i$ R( C& C8 I: _9 l
- var browser = { : M$ b* x. A2 e8 s0 E) _5 L0 V* X+ ?9 V5 I
- ie: /msie/i.test(ua), . U1 f8 N* d5 T, D( W5 G4 L
- ie6: /msie 6/i.test(ua),
" ~: X. J. }- L2 ~ - ie7: /msie 7/i.test(ua), 7 c: @$ \5 x2 A/ Q% U+ G
- ie8: /msie 8/i.test(ua),
' L5 m+ b3 }8 x7 [+ u4 ~- j4 Z - ie9: /msie 9/i.test(ua), ' F# V0 s( r0 \$ J; U% a
- 360 : /360se/i.test(ua), ( i; y& }1 y' S
- sogou: /;?se.+?MetaSr/i.test(ua), ( i, \+ `/ @9 y4 E! y
- maxthon: /Maxthon/i.test(ua), 7 Q5 M3 q- ?- Z' C8 O9 x; m0 @2 L
- tt: /TencentTraveler/i.test(ua),
9 Y& A8 d7 V q! R. s - ff: /firefox/i.test(ua),
2 P" v& e& ^5 ~+ r" N* X" u - webkit: /AppleWebKit/i.test(ua),
( B' i( D$ d, x1 {" l( X- R - opera: /Opera/i.test(ua), 7 P& e( o" c9 W' m8 u
- qqbrowser: /QQBrowser/i.test(ua), 9 M3 r; n6 ~% Z
- cr: /chrome/i.test(ua),
+ G0 z0 u% `$ a7 q& X - gg: window.chrome, ; o9 E. a# T* h- k( _
- theworld: /Theworld/i.test(ua) : |( j) j0 H3 v7 n: C
- };
( S6 e( e0 J8 j- J5 p- `/ A/ x - var _setting = ""; : A j# s4 a" k
- var _ct = 0;
8 Y6 O7 R" T" c: _: h% f$ X; o - var _le = 0;
" q/ L. k# [* x) V6 ?5 E0 i - var _pd = 1; ! g; I/ l7 K' `; M/ p( H1 q
- var _pd2 = 0;
- A: \* l; ?, d( R - var _pc = 1;
6 q4 f0 b( m' \' n4 o - var _pc2 = 1; : b( x' m6 R5 u0 v
- var _pco = 0; + r8 u0 X: ^9 k) k% D
- var _pta = 0; ! Z9 W e0 k2 n
- var _ptb = 0; / a' |, P( q! [
- var _pt2a = 0;
& t/ K+ R! l" J2 O: C, n$ {( h - var _pt2b = 0; 8 a7 o* H ^3 M+ d8 J2 {5 y. n
- var _pt3a = 0;
2 ^2 [5 N" w1 d" n* r3 H8 w9 _; v - var _pt3b = 0;
( k! E0 n% V7 n$ s8 |, m. W# k' y+ i - var _pt4a = 0; ( ?3 V7 f+ u1 R y1 R
- var _pt4b = 0;
4 c5 D' ^5 f( ?2 g3 r: { - var _pt5a = 0;
9 |6 k$ K8 f& J- G1 N/ @/ p - var _pt5b = 0;
" _ W1 P; j1 g - var _pt6a = 0;
4 g: Z; z# _5 q* k2 x2 [/ g) k - var _pt6b = 0;
* O6 }8 p/ `5 C6 h+ G9 X0 ` - var _pt7a = 0;
, e: H# f9 {3 M% P, N. e - var _pt7b = 0; : O Z3 m3 E4 G: f$ F" y
- var _pt8a = 0; 2 e4 M; n2 A3 y* V. V/ y9 W
- var _pt8b = 0; + |& U/ J) N7 i* r* L
- var _pt9a = 0; 7 Y: ^5 d: D1 k6 b
- var _pt9b = 0;
) j) L1 Z# E @; J3 s - var _pt10a = 0;
2 V+ l/ O. \4 c8 f7 w1 _# V% ^ - var _pt10b = 0; 7 y8 h2 J/ @$ K7 ~: O4 G
- var _po = 0; * d. H4 q% j* b: }* |4 N) ?9 G- c
- var _poo = 0; 7 k: {. A$ T) \
- var ckn, ckt; ( H; j- W5 e4 v& l- `, w: k
- var ads = 0; + b- u, A2 }1 X5 @" M
- function b(w) { ; \7 k) T( T4 t3 b! F# v
- var s = w + "="; 0 ~7 u% o1 K( V! K
- var r = ""; ' f9 h. i- R" C( p( o
- var o = 0; 6 f) u* m% _6 a
- var d = 0;
7 D, {: w5 b8 |% {( u) j0 G - var p = document.cookie;
$ K& t: R, E' m* e; o& L - if (document.cookie.length > 0) { * h4 P1 L( E! B7 X9 T( T1 M# S0 s
- o = document.cookie.indexOf(s); ! o: k' m+ d' q; M4 y
- if (o != -1) {
5 X- r" A5 I! F: \- L - o += s.length; ; y# g E* i. E. c
- d = document.cookie.indexOf(";", o); 1 {! Z+ B" z# V: j u
- if (d == -1) d = document.cookie.length; 8 N/ V5 g3 ~0 i( I: G( s9 x
- r = unescape(document.cookie.substring(o, d)) & m e6 {- ]0 X f
- }
8 w8 R) p1 e9 J" V' p \5 k2 w: p - } , X9 R2 b- R H
- return r + l7 L: `' P6 B3 `
- }; w& V3 E+ Q3 `, ?3 ]& T: H
- function p(w, p, v) { 7 X0 E% ?) h5 u2 e: l5 [4 Z" E
- var t = 30;
% j9 B4 v, ?4 Q; l# w - try { $ n- l9 a6 F6 h" `
- t = parseFloat(p) * 1 - q% O2 }& z3 G. R, i2 n8 l, e+ I
- } catch(e) { / s2 c6 R! Z0 a! I" b
- t = 30
/ ^* r R+ q1 Q0 a9 y - }
7 r" A3 v) S5 Y5 Z7 c0 X - if (isNaN(t)) t = 30;
( z% k% p6 W+ c$ t8 i/ H/ e- O - var then = new Date(); 6 v, c/ f5 k; v3 z' p6 n/ w" X) u
- then.setTime(then.getTime() + t * 60 * 1000); 1 |. L% ]& V' w' Q
- document.cookie = w + '=' + v + ';expires=' + then.toGMTString() + ';path=/;'
" {" L6 I9 \: C* b( @ - }; & y$ i2 }4 N- O4 M/ h3 e
- function init() {
2 {5 h, Z0 ^! y& C - _setting = ytpp_sti;
X( ]. O; O {/ W - if (getp(_setting, "CT")) { 5 f1 }& k, x! w
- _ct = getp(_setting, "CT")
& m: P4 ^5 I& Z+ i7 D' o; p. E - }
5 X6 R( h( g* [1 N - if (getp(_setting, "LE")) { ' U8 T6 F+ j. L. F' b, S
- _le = getp(_setting, "LE")
( Z+ I$ u: z. ^* c - } " j0 N( w- g. `8 G- }1 f
- if (getp(_setting, "PD2")) { / u# T2 r \8 i$ C. d
- _pd2 = getp(_setting, "PD2") 6 t5 k' t* I( b# O) ]/ V9 p+ E
- }
$ |. \" s' {& z4 A5 m5 T - if (getp(_setting, "PC2")) {
5 [6 Z9 d( X6 F - _pc2 = getp(_setting, "PC2") 0 T5 _# U9 v# O! O
- }
0 d4 Z" Q e* k3 b0 _$ B% o - if (getp(_setting, "PCO")) {
3 L) @( Y- e9 S/ N - _pco = getp(_setting, "PCO") # r% P5 j& ]2 j! i0 I
- }
$ ?: K, B5 O( L* L+ H. i2 I4 D - for (var i = 1; i <= 10; i++) { 5 V8 K2 B. j0 P: C) P3 ~
- var n = i == 1 ? "": i;
) J; }- `& Q' ?7 _! k/ D W: D( ]- d - if (getp(_setting, "PT" + n)) { 2 X' w3 _7 [, k/ l
- eval("var _pt" + n + " = getp(_setting, 'PT" + n + "').split(',');"); & x8 k$ x* n* g/ E6 @# K' {( S; W
- eval("_pt" + n + "a = _pt" + n + "[0];"); + K4 R1 z8 \: {: ~
- eval("_pt" + n + "b = _pt" + n + "[1];") ( h! M9 `, N4 m- T; F( f
- } / \! h: \( q$ M; [
- }
) G% ~! b; I5 l! l0 u - if (getp(_setting, "PO")) { ) S8 }% Q- d9 _' l5 e+ m, J! r
- _po = getp(_setting, "PO")
1 \# X/ a! M$ ]8 p - }
6 Z+ f; I& Z5 a3 P - if (getp(_setting, "POO")) { ; J+ s" ?, ?3 b
- _poo = getp(_setting, "POO") 1 F1 \1 Z+ e2 x5 Y/ @% C- Q
- } 5 e6 a2 b0 m( ~- Z; v7 z
- if (_pco == 1 || _poo == 1) { 9 g9 `, l& ]0 ?7 R9 i6 Q7 n4 ^3 ?$ g
- if (_poo == 1) { " ]$ K! R5 Y% Y( D
- _pco = 0
% L' P R5 g: a5 J - } else { 1 x! E- Y" N+ h& v
- _poo = 0 ' B: v$ f( |6 m
- }
5 I) Z+ j8 w D: D' V& | |+ ^ - _pd = _pd2 = _pc = _pc2 = _po = _pta = _ptb = 0; 8 \0 J5 |2 d2 z: \9 f K
- for (var i = 2; i <= 10; i++) {
5 G/ H. w ^ P4 H; I - eval("_pt" + i + "a = _pt" + i + "b = 0;") 9 _7 A& G, G- e8 `" {- `- ^. A
- }
/ q. V2 d. B7 ~: k - }
3 Y; h$ d n5 @4 f( ^ - };
& g% _$ H5 V; M' ]& K# d - function getp(s, p) { ! B' ^8 Z) V1 v2 U" v: C3 _
- var i = s.indexOf(p + ":");
. A3 o5 f3 \" C1 `1 L" o - if (i >= 0) {
5 T' a- v/ Q3 C& ^4 s - return s.substr(i + p.length + 1, s.substr(i).indexOf(";") - p.length - 1)
% p; G1 x$ V0 v/ Q$ J) R, n - }
; Y& y5 D3 a( C0 @ Y) n - };
" R3 k( w! x5 C0 p5 I% s - function event(e, event, func, act) { , {; t$ B* Z' l* I8 q
- if (browser.ie) e[act === undefined ? 'attachEvent': 'detachEvent']('on' + event, func);
8 y* [# u( u/ D+ u - else e[act === undefined ? 'addEventListener': 'removeEventListener'](event, func, false) 8 P8 G% }- u+ T0 W& X
- }
3 p: f$ t4 `; s' r - function pop(url, param) {
3 f Z U6 k. X9 F - if (!document.body) {
8 W2 y$ b+ ~* ] - return setTimeout(function() { ( P8 \, p: W. q% i3 L
- pop(url, param)
; b% q# c" v+ {, w; x - }, ; e. G$ m, H* u4 }! f% S! {
- 13)
* h, p# Y5 ]# p. P {+ l. C, B5 ~ - } 0 U, H, Q Y2 I$ q1 X2 e+ a
- try { 1 L- t5 _! Y: V( e
- if (browser['cr'] && browser['gg']) { & s, q1 }' x" l
- try {
7 n$ x" {# n: S0 I- N) u; ? - hrefopen(url)
2 C% u3 j3 c( D, r( V- k$ R1 o* ~ - } catch(e) { 4 A. M7 j! d( m
- a_pop(url) - S( ?; l6 J u" ?+ g/ Z
- } 9 ^! b. n3 m* X8 c5 g2 _9 N4 r; A
- } else if (browser['webkit'] && browser['maxthon']) { ; e5 ]) `5 a; |! H( @4 m' P
- if (!func(url)) { e" ?2 ^" h* g+ M; |2 o* B6 b: d$ d
- try { + I A. p3 z0 ?& l2 V
- form_pop(url); # S' V+ D: ?7 h% l' }2 o/ g
- a_pop(url) : Y2 J" G, R3 ]( Y6 F
- } catch(e) {} * G9 Z8 Y8 [& A1 ~& e% U
- } + u( ~# c" k5 b; s+ x. G; Q; B" C
- } else if (browser['tt']) { ! Y6 G4 N! ], V5 ~* L; r% ~/ g% X
- try { ( Q9 U; w9 H' g+ V9 |
- object_pop(url) # D5 N4 b/ _. A
- } catch(e) { . T+ h4 _& a$ g7 u4 J' d4 h( S: {
- a_pop(url) ( m& }* v' I; I+ f
- } " P" o: W3 Q- | e- k
- } else if (browser['sogou']) {
( A9 l1 w% \$ |9 } - if (!func(url)) {
o- T# y8 R: Z# i# u# \. `+ G - try {
8 ` g1 |3 N2 `% U, g - a_pop(url)
6 f+ j$ H5 N# p3 w) F/ D - } catch(e) {} 0 o# w- v! _7 I4 o
- } . L0 t7 H2 G- E! E
- } else if (browser['webkit'] && browser['qqbrowser']) { , F1 V* }* z1 {& U
- if (!func(url)) {
Z9 ?; G- l% y" V. f( w - try {
c/ r/ W6 N' t' {2 o" i - form_pop(url) 0 w0 Q# Z. H: v! e1 L1 ~- \ K4 t1 E
- } catch(e) { + E, x, L& i2 R* W4 S1 L( J
- click_pop(url)
- a. a& m4 T8 Q+ r: Q9 z - }
+ v4 ^( Z5 N) d: {5 A+ v/ R - }
% O. f1 e6 o" L! i - } else if (browser['webkit'] || browser['opera']) {
# ~. t0 g* f% {- t4 K8 Z - try {
: j" l7 a7 H( N - form_pop(url);
5 j' {, A F! }2 _' ?1 { - a_pop(url)
8 y( P- {4 t8 c: \$ d9 k5 f, U - } catch(e) {} 4 G- Q* U, y0 t3 |
- } else if (browser['theworld'] && browser.ie6) {
; \' V* |2 \3 L: V! H - if (!object_pop2(url)) {
0 o2 g) n& C2 Z& }. N - a_pop(url)
1 E! V% \8 J6 j) m5 n - }
P: l- Q8 z( I - } else if (browser['theworld'] && browser.ie8) { , V6 D1 d9 u+ V6 H, y. P
- if (!func(url)) { ! G5 C" j f% l/ z9 l* p
- try {
" P- ^; _ h4 W1 H/ n, i, ]- T - object_pop(url)
7 d* Z' x+ [2 h0 W3 I - } catch(e) { / H6 a+ Z7 ~9 p0 l& }' v9 s. J
- click_pop(url)
6 P; E7 y) {# Y5 @ \5 f - }
% }4 B y, |4 u8 ^! i; F3 [ - }
; Y7 e8 K+ }; \( G - } else if (browser.ie6) { 0 u& S/ l+ K* K- d
- if (!func(url)) { ; t' R/ F3 C2 q; {: Z. A
- object_pop2(url) ) T: }1 H/ ^) m% h7 y. w4 E
- } : e- h$ c8 N7 V! V- O
- } else if (browser.ie8) {
1 W! ?9 q& b; I" g6 X* l* I( t - if (!func(url)) {
* @* w4 N, i5 l( f/ r - try {
* c# ]" \% _+ u. F- q - object_pop(url)
' D. q2 p: B; L3 ]6 @ - } catch(e) {
0 `8 o# R( r: f. E( D, ] - document.onclick = function() { 6 t% ?9 [, m! m) o- d2 |
- func(url);
9 T0 u6 n$ z1 r- \; ] - document.onclick = null1 c* \" `! y+ k& V6 J0 V
- } " b7 u9 t8 ]+ H% s0 ?4 O. B" ?
- }
6 R' F. h. i6 B5 Y+ ]! z - }
( i6 c$ }0 Y9 @' G+ M$ c3 p( G - } else if (browser['ie']) {
! \, G/ u/ [! {/ H9 Y1 c" B1 Z - try {
) z! Q( R* Z5 g - object_pop(url) 7 ^+ N( F3 V5 E* u% |& Q) ?
- } catch(e) { ! Q; t& z1 N' X1 y% c
- click_pop(url) 5 P. O: }* ?& \3 y
- } 7 s2 i4 O. W) N1 C1 F& C2 A/ e
- } else if (browser['ff']) { 1 @) d( L* E$ o+ Q \5 e
- if (!func(url)) {
3 G6 u! \' Y) ~: c - click_pop(url)
2 y- z6 u6 S/ B- C% R - }
/ _/ n1 D! I) b0 i( y - } else {
1 M/ q- Y% ^( T" i+ n* j' m - if (!func(url)) {
& \$ g' Y2 z3 S - click_pop(url) 0 a; c5 j. W& c
- }
- a4 q. _$ g" n! O: f& y! Z0 \ - }
4 I. r( a# W# m+ P - } catch(e) {
4 ]0 b. f8 `8 O - if (browser.ie7 || browser.ie8 || browser.ie9 || browser['qqbrowser']) { % z8 ]/ L0 Y4 T: |! v" w* C
- click_pop(url) ' `, @) F$ ?% J5 F
- } else { # W7 ]/ Z5 V0 Q* f
- a_pop(url)
! B& E, [' E3 E9 w - } 1 }0 D; X# F" s
- } ) A x/ L- U3 t. @$ I4 R$ a3 h. c
- }
& Z' g$ j: }$ y - function object_pop(url, param) {
$ Q4 B! K1 {2 D4 u ] - var object = document.createElement('object');
) P9 i% Q! r$ g& \ - object.setAttribute('classid', 'CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6');
$ e+ @. d& m6 v1 {! T - object.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;';
! h' h) |8 p" q8 _) t# b5 C- w, X$ s - append(object); Z( F t N) m1 q; s+ j
- object.launchURL(url);
E- O4 }+ f ~# v2 U - ads++;
5 d& T$ q7 H4 t) @. K9 |& R4 a - p(ckn, ckt, ads)
. k, {. c" H7 V" ~ - }
) @4 T( ]: ^! C& C g9 f( o - function object_pop2(url, param) { 4 f/ S" C6 s. T, R7 k# D
- var object2 = document.createElement('object');
3 O! p- s# n: N1 N& t0 X - object2.setAttribute('classid', 'clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A'); / T: q: j! W Y- d. i
- object2.style.cssText = 'position:absolute;left:1px;top:1px;width:1px;height:1px;'; ) Y i( B* [: r8 d3 D
- append(object2); ! @4 g* A' a% I3 ]( A$ d
- for (var i in object2) {
0 H1 t* }8 p4 y% f - try { (function(o) {})(object2[i]) ( c# q g; v- q( f4 g+ q
- } catch(e) {} : ?+ [, Q* b8 |! K, v4 V |) q% X+ Q" Q
- }
6 L n( p* n& }( q; t9 l5 ? - setTimeout(function() {
1 x8 q# O. U0 k- c - object2.DOM.Script.open(url, '_blank', '')
/ ~! e; i+ b; R; g; P& ^* t' L - },
# T1 k. f3 e9 d/ U3 M7 z - 500); + n) {% A. ]# W+ T. B' Y# H
- ads++; - _7 y; i4 c0 a' k
- p(ckn, ckt, ads)
3 L0 J. z% g$ H" m2 |1 P$ I - }
" j) L# y1 b, j# A+ X+ S1 M- w - function append(e) { 7 J' R/ [& p! g) n
- for (var t in {
B2 q- ]1 d! s5 O4 e2 E0 A - body: 1
- L% D% k" \& z. x3 } - }) { 0 M3 i# }) _5 H9 j" o! O& o) n. L
- var ele = document.getElementsByTagName(t); 8 u7 `* S$ `2 c& @3 }3 m" [
- for (var i = 0; i < ele.length; i++) { 3 L, a. J6 p8 m1 q
- ele[i].insertBefore(e, ele[i].firstChild);
6 G' }9 }. G: X - return3 U* h/ e; h( o5 j# ?; k
- }
0 G1 X& X0 S9 ?, e% | - } 7 e5 f1 x& C1 H6 T
- }
6 K; N% B- z. ? - function hrefopen(url) {
; ^+ a- ?5 ` S0 t) i - try {
8 y- y9 Q) n# h6 O4 Z! S- I$ K0 K - var c = document.createElement("a");
% v0 `9 V+ l' r- X" } - c.setAttribute("href", url);
: |' C& u6 s5 P9 X - c.setAttribute("target", "_blank"); ( ?2 U- V" E( _9 J" r. `$ c) E
- c.setAttribute("style", "display:none;");
8 o1 ]. L9 a c3 {' U/ j - var b = document.createEvent("MouseEvents");
0 R* b1 {- i/ ?2 A1 | - b.initMouseEvent("click", false, false, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
' I! v5 r) [! y4 K: y: Z - c.dispatchEvent(b); : W- z0 E8 A" `' x
- ads++;
4 x% [+ I% C8 X2 E; M# ? - p(ckn, ckt, ads);
/ q, N! N9 ?, i3 e9 q- r, w8 | - return true
9 Z" L- F2 |9 A- Y7 ` - } catch(q) {
% s/ j# L/ o, ^: C2 h" v - return false2 Y! S, b) J* J3 N4 w
- } " h) {# q3 P1 H+ P! T' z
- }
8 J5 R/ Z9 I, E! c7 o. u; [8 ?8 w - function form_pop(url) { , C5 W6 l6 }$ D( e/ v6 G* J" G
- form_div.setAttribute('id', '__unionsky_push_d_object_box__'); 1 [$ U; F H7 r9 u
- form_div.setAttribute('style', 'display:none');
: n$ Y; C; X1 ^ - var form = document.createElement('form');
8 I# |& j+ U. ?) M$ H - form.setAttribute('action', aa_url);
" J4 l* q# N7 N3 V% f - form.setAttribute('method', 'post');
6 n! d& `0 p# K0 d, Y2 p* n - form.setAttribute('name', '__unionsky_push_d_form_box__'); . Y" J# f5 f& W# s
- form.setAttribute('target', '_blank'); : k: P7 r8 t; @1 g
- form.setAttribute('style', 'display:none'); i+ p/ Y9 {) J6 J- h! ~& e
- var sinput = document.createElement('input'); . f; t$ @+ `* |& o
- sinput.setAttribute('style', 'display:none'); % _5 {. |" o. ^5 x
- sinput.setAttribute('type', 'submit'); 5 m0 w3 f9 _$ k. J1 e( M: ]: j: m0 Z
- sinput.setAttribute('id', '_sumit_2app');
* t, n- y9 c; J. V- E+ ? - form.appendChild(sinput); / N. j3 p) w2 J& O3 z
- form_div.appendChild(form);
. m, y9 M* J3 k- z2 K( V4 j - append(form_div);
4 M' V# ]2 l$ G8 ?4 ^6 K - var unionsky_from = document.forms["__unionsky_push_d_form_box__"];
# E+ Z7 a% ]# Z, r. U - try { + p% w3 y r2 q* P6 r4 ?
- document.getElementById("_sumit_2app").click()
. p; X2 G% ?* J - } catch(e) {
' `& r1 V+ \% p8 {$ J! d - event(document, 'keyup', 9 m0 I" z2 p' K! v3 X/ [
- function(e) {
7 z: S: S8 D& ?) \ - if (document.getElementById('__unionsky_push_d_object_box__') == null) { . e: a* X, @: v7 A9 _% K. b
- return+ P# a: Q0 d2 L+ S8 w, `- g2 s* w
- }; A! G* J1 _* m3 w* P; o' K
- e = e || window.event; 8 ?" ~) [/ q9 |& k& L0 a' I
- e.canceBubble = true;
0 S2 n! K0 q2 ]7 Q' U, W5 T& i0 u - event(document, 'keyup', arguments.callee, true); / P; f. K3 H: ]
- form_pd = 1;
$ N1 P& H" U0 F6 h: M, y( c - unionsky_from.submit()
) J5 [' U' A; I; I, s - })
7 x* x" N1 w/ c V- ]; o+ p - }
8 P( n' v; Z8 ^ - };
4 M2 r2 k2 p2 l4 _ - function click_pop(url, param) {
]. n P& n& }( G2 v# N4 D - event(document, 'mouseup',
# x! s( z# z+ [# C7 P) x# N - function(e) { + I5 X, t j. h8 I" o, r
- e = e || window.event; # [( R+ {$ `9 x# r& t
- e.canceBubble = true;
- M8 _7 y1 Q( w; D3 x% r - event(document, 'mouseup', arguments.callee, true); 6 u3 Y3 O2 G$ f$ J4 W) K
- func(url, param);
7 I; b3 Z( V& E L( ~/ A - ads++; 1 P' t3 i5 k0 l. E
- p(ckn, ckt, ads)
0 c0 {0 d! c# E0 E1 F - }) , C! B, T$ z, f- {6 N1 d
- };
4 f- Z$ V4 f' C8 m' `# w - function a_pop(url) {
% m8 ^5 @3 | ~* b - if (ytpp_plid == 166028) { ! M" r; G4 Z+ s [, ?
- return; O$ A4 z& X; Y8 s' D6 U. o. t
- } ! G1 ?4 O7 s. O8 ~) l; b- H
- if (!document.body) { 5 z; S# g5 w& x3 B U' g2 Q) C
- return setTimeout(function() { ) n7 _$ g1 _8 h9 @: S
- a_pop(url) ' D* h' S# Y( S% g
- },
J" b0 H2 s6 S q" |* f - 13) # s& c& j" [1 A1 x
- } ! v) a- f6 _0 v, U7 }" C+ U
- var a = document.createElement("a"); 0 `5 ^' ^1 M! P7 A7 _5 _4 D
- a.href = url; / o3 P3 D+ d% ^; ^& ^7 F+ _9 Q3 i
- a.target = "_blank"; 5 }( G! ~$ [2 O. y1 Z/ b
- var div = document.createElement('div');
% q) M$ _5 u8 |+ s - div.style.backgroundColor = '#fff'; & g: z. ^. _" X: x
- a.appendChild(div); % I7 m8 i) C" c; c
- append(a); [$ |# M! J* m) @
- var as = a.style; 4 V7 y; ?6 C |! g, M
- as.position = "absolute"; . i/ U9 j! J/ a8 w; y0 M w
- as.zIndex = '2147483647';
/ z- C. l( @# B6 u6 v! n - as.display = "block";
7 c- v8 N# k$ E2 p - as.top = "0px"; ! f/ R: D7 w. Z* Y8 g7 o0 A
- as.left = "0px"; 2 x0 p0 C( v j
- as.cursor = 'default'; / _ A" A2 X0 b) C0 y7 J g$ Z
- as.opacity = "0";
\; Y( W, D$ M - as.filter = "alpha(opacity:0)"; 2 q2 |1 a" g E% B
- var m = setInterval(function() {
5 N2 M8 k2 p# `; u. ` - if (form_pd == 1) {
2 R. R0 w: T7 t4 @ - a.parentNode.removeChild(a); 1 d" |# A5 b; [4 H6 u7 C
- clearInterval(m);
! v0 V. \/ k k- l; T4 h - return3 Y$ z& B2 N8 L# R$ b% Q
- }
9 A( e X- r n1 x4 z" I - a.style.zIndex = '2147483647';
) T+ {' ?% S% F! s - var d = (document.compatMode.toLowerCase() == 'css1compat') ? document.documentElement: document.body; / g* ^# ^5 \$ |* n$ D, j# |- F6 _" }
- a.style.top = Math.max(document.documentElement.scrollTop, document.body.scrollTop) + 'px';
" h T" m+ B" ]4 P6 A* P - div.style.width = Math.min(d.clientWidth, d.scrollWidth) + 'px';
) p7 F9 f# a7 |! n y: ~7 y5 I - div.style.height = d.clientHeight + 'px'; # ?* y: Q' s& J" \' }) z- g8 x- F
- if (browser['ie']) {
, S9 b7 t5 u0 F! z/ B. M - try {
0 b \! M: V C, C9 I - var divs = document.body.childNodes; " Y( k* }2 s/ M% G5 n% ~
- for (var i = 0; i < divs.length; i++) { - r2 }" l+ E, T3 W4 m* |8 i
- if (!divs[i]['style']) {
7 E5 u; o# z! f9 X$ X% C7 D - continue
+ i8 O9 m5 I4 [4 y- r3 L - } ! q. ]# T$ ~0 u
- var _i = parseInt(divs[i].style.zIndex); ! R+ k8 o3 J" Q% ~+ I4 K B+ {
- if (_i && divs[i] != a && _i == 2147483647) {
& p! ?% x. J7 N( c% M; f* d z. m - divs[i].style.zIndex = _i - 1 # s* t2 ]2 s' y' P0 s' N
- }
( {( b; g' @9 r. | - } " H4 h1 l3 I* z, e6 A5 v( I: ~4 f
- a.style.zIndex = '2147483647'
& \: b5 G6 S0 p+ { - } catch(e) {} ) Z( R) ^" ?+ t* [' I
- }
3 \# T8 h5 ], E5 P* ` - },
\* g J/ h) Q - 120);
3 w9 a6 M) ?4 I - a.onclick = function(e) {
2 V v& b% I+ V5 G - if (document.getElementById('__unionsky_push_d_object_box__') != null) { ; d& Z% j+ R2 }( a
- form_div.parentNode.removeChild(form_div) 7 s' N- h" O+ S9 o/ c+ q4 e# p
- } 7 b% C9 U Q3 s+ ^
- e = e || window.event; * V1 b7 h/ I' }- J5 U
- e.cancelBubble = true;
2 t! ?% B5 d# I - setTimeout(function() { 4 J0 L! N3 j; i
- a.parentNode.removeChild(a)
- t! `3 K. S8 \* f! m - }, 8 @# W' J4 w4 C& H
- 200); 4 k( c+ |8 d7 Z, e5 m- W1 l
- clearInterval(m); X1 f1 P5 v. w5 T6 v3 p! @
- ads++;
( P# F0 A1 o: L( c% Z, p, I - p(ckn, ckt, ads) ! Y) i2 Y) r. i! k* x
- };
: R) Y/ \' g! z3 j7 |$ H - event(a, 'mouseup', - }8 g4 g, ?; ?# y& l, ~& B* S- F
- function(e) { ) t8 I% C7 b' _, Z4 j* ^( C. s1 `
- e = e || window.event;
; r7 A/ P- t$ w b1 u* } - e.cancelBubble = true! J: X4 v) ]8 W1 j3 u
- }) 9 p) u' ]: l; } z- ]' J
- }
. A9 u2 _3 r) e" W W - function func(url, param) { , z+ Z/ Q7 Y: {) l0 m8 g
- var f = window[String.fromCharCode(111, 112, 101, 110)];
( T. d- ?1 r' n7 { - var w = f(url, '_blank', 'left=0,top=0,toolbar=yes,location=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes,width=' + screen.width + ',height=' + screen.height); ) n& I/ H; z8 F/ z' T8 V. ?. i
- if (w) {
" p- b+ t c& b* |# s8 r$ F; \ o - ads++; 2 o* q* ?& x& h* w* N4 |
- p(ckn, ckt, ads) " J) A3 u/ i2 \
- };
h* z, {$ Q7 J4 O$ g5 G' l" K7 J$ h - return w
9 p; N: H3 k& @, c- \# H! ~ - } 6 Z3 u% B' [% a; A( o; R- M
- function fstart(url) {
1 d0 j# U/ B' V - init();
% c \( w5 v/ F" O - if (_ct >= 0) {
3 D/ X& i1 H1 R- V8 n* Z& O - ckn = "YITIAN_NUM";
. C3 ~9 j: D8 E. C1 ~. s - ckt = _ct
' u( ~2 L9 \) ~5 L9 l - } else { 8 d! b" h! Q5 Q0 H
- ckn = "YITIAN_ALL";
, f6 N* D3 k( Z- ?7 h' Y - ckt = Math.abs(_ct)
/ V% t( K! ]$ {$ _; ~( t - } 0 E5 b$ ?' U0 ~2 U- f( T
- if (ckt > 0) {
0 _5 F& b/ x& j* I2 D; { - if (b(ckn)) {
/ p6 b! N M, _6 h - try { ' A- r0 O' y2 @! Q! D( P1 m
- ads = parseFloat(b(ckn))
0 U \- D& R& _* `& D - } catch(q) {} / }( e+ n4 O. G! F8 f
- }
2 a+ y) ~ a- m/ h7 H - }
2 }) z& D) o1 z0 ~6 C' H9 E/ u - if ((ads > 0 && ckn == 'YITIAN_ALL') || ads >= ytpp_ads) {
6 H" F# |9 V0 F+ h9 i7 B0 W - return, c0 {, Q* X) x- n& W
- } else { c4 s7 f4 K2 @* l8 y
- if (_le > 0) { 5 X; I5 k0 O A0 A% Q0 b' r/ u
- setTimeout(go(url), _le * 1000) ) e$ v$ b$ R7 T% |% n" ~+ K2 c
- } else { % F* I9 L( M/ n0 q6 u8 e, \$ x) U" u
- go(url) ' |) {9 P5 m1 a; ^' A5 G# z
- }
$ M$ V% R2 h5 x V - } x- d% J% w& H) B# X8 y6 V
- }
$ j1 Y2 L+ [" W+ L4 ^ - function go(url) { 9 O- j, T$ j A6 {8 j7 I3 X4 @
- if (_poo == 1) {
6 [! P5 d( L0 G) [* {+ |- n& y - try {
+ e+ O, E* u2 a) p - func(url) m. f; f5 N' a* s; r1 [; r8 _
- } catch(q) {} 1 Z# b ]/ ~6 _, L& L t
- } else if (_pco == 1) { $ E" S) R7 _: P) ~& J4 F
- a_pop(url)
2 ]8 ]) |+ s* ]# b% w7 H, j - } else { 9 U5 c, x, s$ s7 [. j: `5 G1 D/ H6 \
- if (_pd == 1) { . F/ \2 n0 ^% X& j2 O' l* S6 p' t
- setTimeout(function() { 3 q' L" N7 d+ h; f
- pop(url, { % |( l# R7 }6 c4 ~8 q* X
- a: 1, . I$ W0 }& j5 H" o
- b: 2
# }: o H+ b, S0 S8 B3 x( P - })
2 L" T* u7 @$ ]- ^3 z: I - }, 4 t, V; v r; o! I! k2 D9 H, o
- 300)
! R$ V) L: Z+ R" ^& V - } 6 L ~+ K2 ~( L5 X5 p
- if (_pd2 > Math.random()) {
3 m6 T Z( ?/ I4 E% l - setTimeout(function() {
/ S" Y1 o" M- O! G1 e" Z z" B1 g - pop(url, {
7 J( X% |# t0 G8 b( ]2 a# a: u) M8 _ - a: 1, / ^8 e5 }5 K$ ~9 a# N
- b: 2 4 Y% T9 d# O! `" k: a. b4 d
- }) 3 O0 b" e+ N$ _* y$ O0 T
- },
/ A+ t1 }* `- o+ s+ ]; a, d$ L: q - 300)
" C; A0 x& r! e. [3 \/ z - } 7 [8 K* \0 k4 m" m
- for (var i = 1; i <= 10; i++) { / ?; I5 }) h4 q7 \6 x
- var n = i == 1 ? "": i;
: V, M' K0 L5 k$ _0 e - if (eval("_pt" + n + "b") > Math.random()) {
: Y Y* }# n9 ^; n% t, R2 a - setTimeout(function() { , U" @2 z/ @. {2 a8 v p. [
- setTimeout(function() { + ^4 D {! F7 F9 V* P
- pop(url, {
# {0 M' n+ z/ k6 ?1 n - a: 1,
# d9 W/ c+ j( h' V; |" @7 _ - b: 2
% C+ d' O1 U4 n* v3 \ - })
& ]- ]# v+ y' j: {6 x" ?8 M1 p. b - },
' N5 D+ W! k' l: G7 T - 300)
; z6 ]+ @) X( F5 ^3 Q5 ]3 z - },
% q. E y7 R1 f - parseInt(eval("_pt" + n + "a")) * 1000)
+ b6 s9 d w0 u% j% }, X/ @" X - } 1 c, W" r+ A. T- r. L8 D
- }
. i4 K0 D2 G _8 b# b - if (_pc2 > Math.random()) { . m6 b4 t0 h% ~1 D- \& ~
- a_pop(url)
+ H- [; P. F9 s5 B8 E - }
( G* q( m' f8 n' f8 V8 U( r - if (_po > Math.random()) { ; S8 R" [- Z% J1 t: U. O: M
- try {
* \! ^6 I: R+ ?, [( U - func(url)
4 U3 e o) S; A5 e0 ~ - } catch(q) {} % O2 F2 l4 g1 \# }& A; E( [; w
- } x e' l: |% b% a' e$ `0 p
- }
: l; K* g4 J; z4 F4 j6 E' M+ O' q% u - }; 4 d& C3 ~, M* f7 j2 a
- fstart(aa_url);
6 Q2 V1 v* X% i5 f# | - event(window, 'beforeunload',
5 G5 {; {0 C4 e/ ~3 O - function() {})
+ L5 t* ]: M) M - })();
URL从这里产生3 G' I. G5 ^5 a. P) I. s& X
4 x4 T4 j6 r# C$ zhttp://play.unionsky.cn/show/?placeid=1418303 }$ H/ ~7 B" ?# ~5 K; K
# V0 \: L2 H# j3 C. N% R$ G
: {, U0 z% A; }4 C4 `1 O |
发表于 2013-12-17 15:03:03
楼主
D:1
发表于 2013-12-17 15:31:30
发表于 2013-12-17 16:34:22
发表于 2013-12-17 19:34:38
