cainiaoblog 23.2.171
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CNAME +1 -0
- package/MP_verify_o6dHCK5mIkxNpzvZ.txt +1 -0
- package/README.md +8 -0
- package/about/index.html +54 -0
- package/ads.txt +1 -0
- package/app/manual.html +104 -0
- package/appConfigs/config +1 -0
- package/archives/2018/index.html +48 -0
- package/archives/2019/index.html +48 -0
- package/archives/2019/page/2/index.html +48 -0
- package/archives/2020/index.html +48 -0
- package/archives/2021/index.html +48 -0
- package/archives/2022/index.html +48 -0
- package/archives/2023/index.html +48 -0
- package/archives/index.html +48 -0
- package/archives/page/2/index.html +48 -0
- package/archives/page/3/index.html +48 -0
- package/article/10047.html +148 -0
- package/article/10164.html +64 -0
- package/article/10624.html +436 -0
- package/article/10745.html +586 -0
- package/article/11674.html +71 -0
- package/article/11939.html +72 -0
- package/article/12238.html +86 -0
- package/article/1230.html +533 -0
- package/article/13265.html +69 -0
- package/article/13823.html +78 -0
- package/article/14125.html +72 -0
- package/article/14192.html +561 -0
- package/article/14375.html +85 -0
- package/article/14744.html +83 -0
- package/article/14936.html +451 -0
- package/article/1518.html +250 -0
- package/article/15428.html +71 -0
- package/article/15518.html +288 -0
- package/article/15569.html +418 -0
- package/article/1566.html +122 -0
- package/article/16017.html +156 -0
- package/article/16947.html +440 -0
- package/article/17096.html +82 -0
- package/article/17246.html +89 -0
- package/article/17575.html +350 -0
- package/article/179.html +757 -0
- package/article/18039.html +233 -0
- package/article/18071.html +375 -0
- package/article/18142.html +71 -0
- package/article/19909.html +160 -0
- package/article/20014.html +89 -0
- package/article/20021.html +389 -0
- package/article/20037.html +280 -0
- package/article/20056.html +95 -0
- package/article/20093.html +404 -0
- package/article/2021.html +607 -0
- package/article/20459.html +115 -0
- package/article/20613.html +263 -0
- package/article/20635.html +71 -0
- package/article/21317.html +71 -0
- package/article/21320.html +90 -0
- package/article/21782.html +548 -0
- package/article/22230.html +435 -0
- package/article/22237.html +347 -0
- package/article/22398.html +109 -0
- package/article/22422.html +270 -0
- package/article/22565.html +300 -0
- package/article/23046.html +250 -0
- package/article/23083.html +215 -0
- package/article/23195.html +297 -0
- package/article/23301.html +835 -0
- package/article/23589.html +285 -0
- package/article/23655.html +338 -0
- package/article/23864.html +76 -0
- package/article/23914.html +96 -0
- package/article/24169.html +135 -0
- package/article/24581.html +349 -0
- package/article/2475.html +500 -0
- package/article/24826.html +77 -0
- package/article/24924.html +247 -0
- package/article/25164.html +1495 -0
- package/article/25318.html +394 -0
- package/article/25710.html +1129 -0
- package/article/25734.html +83 -0
- package/article/26083.html +174 -0
- package/article/26147.html +283 -0
- package/article/26291.html +110 -0
- package/article/26354.html +71 -0
- package/article/26624.html +145 -0
- package/article/26639.html +298 -0
- package/article/26850.html +138 -0
- package/article/26940.html +258 -0
- package/article/27796.html +190 -0
- package/article/27800.html +161 -0
- package/article/28963.html +159 -0
- package/article/28976.html +247 -0
- package/article/29042.html +72 -0
- package/article/29596.html +81 -0
- package/article/29619.html +183 -0
- package/article/29623.html +329 -0
- package/article/29829.html +205 -0
- package/article/29abbd1c.html +112 -0
- package/article/30215.html +178 -0
- package/article/30552.html +78 -0
- package/article/30818.html +201 -0
- package/article/31330.html +364 -0
- package/article/3154.html +577 -0
- package/article/31695.html +348 -0
- package/article/31826.html +71 -0
- package/article/31843.html +132 -0
- package/article/32280.html +212 -0
- package/article/32431.html +74 -0
- package/article/32443.html +72 -0
- package/article/32732.html +122 -0
- package/article/3286.html +251 -0
- package/article/32960.html +198 -0
- package/article/33713.html +72 -0
- package/article/33899.html +615 -0
- package/article/34351.html +74 -0
- package/article/34372.html +89 -0
- package/article/34410.html +74 -0
- package/article/34431.html +118 -0
- package/article/3447.html +75 -0
- package/article/34474.html +142 -0
- package/article/34871.html +147 -0
- package/article/35397.html +175 -0
- package/article/3544.html +199 -0
- package/article/35503.html +115 -0
- package/article/35624.html +84 -0
- package/article/35697.html +384 -0
- package/article/35863.html +73 -0
- package/article/36037.html +253 -0
- package/article/36118.html +71 -0
- package/article/3621.html +119 -0
- package/article/36251.html +296 -0
- package/article/36642.html +352 -0
- package/article/37102.html +763 -0
- package/article/37336.html +351 -0
- package/article/37351.html +89 -0
- package/article/3760.html +294 -0
- package/article/37749.html +75 -0
- package/article/37789.html +83 -0
- package/article/38005.html +765 -0
- package/article/38009.html +284 -0
- package/article/38269.html +194 -0
- package/article/38344.html +88 -0
- package/article/38359.html +334 -0
- package/article/38423.html +379 -0
- package/article/38530.html +213 -0
- package/article/38743.html +268 -0
- package/article/38753.html +204 -0
- package/article/38881.html +71 -0
- package/article/39087.html +414 -0
- package/article/39309.html +84 -0
- package/article/39486.html +74 -0
- package/article/39637.html +306 -0
- package/article/39839.html +72 -0
- package/article/39937.html +152 -0
- package/article/39970.html +71 -0
- package/article/402.html +559 -0
- package/article/40698.html +71 -0
- package/article/40811.html +71 -0
- package/article/40964.html +462 -0
- package/article/41011.html +322 -0
- package/article/41152.html +78 -0
- package/article/41696.html +71 -0
- package/article/41717.html +281 -0
- package/article/41777.html +149 -0
- package/article/419.html +985 -0
- package/article/4233.html +136 -0
- package/article/4292.html +86 -0
- package/article/43302.html +96 -0
- package/article/43397.html +106 -0
- package/article/43724.html +281 -0
- package/article/43999.html +224 -0
- package/article/44426.html +77 -0
- package/article/44964.html +137 -0
- package/article/45004.html +123 -0
- package/article/4510.html +83 -0
- package/article/45156.html +320 -0
- package/article/45157.html +52 -0
- package/article/45267.html +87 -0
- package/article/45641.html +207 -0
- package/article/45960.html +75 -0
- package/article/46100.html +1262 -0
- package/article/46366.html +74 -0
- package/article/46771.html +96 -0
- package/article/46911.html +517 -0
- package/article/46948.html +137 -0
- package/article/46ee4850.html +349 -0
- package/article/47019.html +84 -0
- package/article/47532.html +94 -0
- package/article/4783.html +429 -0
- package/article/47972.html +72 -0
- package/article/48216.html +127 -0
- package/article/48252.html +185 -0
- package/article/48520.html +74 -0
- package/article/48722.html +75 -0
- package/article/48807.html +99 -0
- package/article/49126.html +323 -0
- package/article/50001.html +88 -0
- package/article/50058.html +151 -0
- package/article/50343.html +410 -0
- package/article/50510.html +82 -0
- package/article/51082.html +98 -0
- package/article/51677.html +111 -0
- package/article/5204.html +1085 -0
- package/article/52500.html +538 -0
- package/article/52689.html +259 -0
- package/article/52877.html +569 -0
- package/article/53125.html +191 -0
- package/article/53428.html +251 -0
- package/article/53524.html +74 -0
- package/article/53698.html +322 -0
- package/article/53803e6.html +93 -0
- package/article/53924.html +291 -0
- package/article/53962.html +253 -0
- package/article/54006.html +71 -0
- package/article/54018.html +88 -0
- package/article/54161.html +83 -0
- package/article/54178.html +69 -0
- package/article/54258.html +327 -0
- package/article/54295.html +214 -0
- package/article/54313.html +1976 -0
- package/article/54351.html +90 -0
- package/article/54604.html +80 -0
- package/article/54632.html +71 -0
- package/article/54912.html +756 -0
- package/article/54918.html +129 -0
- package/article/55119.html +136 -0
- package/article/55756.html +118 -0
- package/article/55769.html +136 -0
- package/article/55870.html +161 -0
- package/article/56139.html +92 -0
- package/article/56557.html +69 -0
- package/article/56604.html +69 -0
- package/article/56816.html +266 -0
- package/article/56926.html +153 -0
- package/article/57747.html +409 -0
- package/article/57965.html +475 -0
- package/article/58816.html +78 -0
- package/article/59059.html +435 -0
- package/article/59095.html +350 -0
- package/article/59349.html +244 -0
- package/article/59402.html +216 -0
- package/article/59448.html +55 -0
- package/article/59870.html +94 -0
- package/article/59877.html +208 -0
- package/article/5dbb6f41.html +86 -0
- package/article/6008.html +75 -0
- package/article/60327.html +126 -0
- package/article/6035.html +76 -0
- package/article/60428.html +71 -0
- package/article/60544.html +128 -0
- package/article/61319.html +95 -0
- package/article/61367.html +93 -0
- package/article/624d1918.html +292 -0
- package/article/62543.html +71 -0
- package/article/62887.html +169 -0
- package/article/63074.html +120 -0
- package/article/63266.html +311 -0
- package/article/63351.html +74 -0
- package/article/63542.html +104 -0
- package/article/63824.html +275 -0
- package/article/64051.html +653 -0
- package/article/64189b69.html +72 -0
- package/article/64354.html +75 -0
- package/article/64869.html +79 -0
- package/article/64923.html +596 -0
- package/article/65128.html +95 -0
- package/article/65295.html +79 -0
- package/article/6888.html +75 -0
- package/article/7065.html +84 -0
- package/article/7455.html +85 -0
- package/article/7a3ef8f.html +315 -0
- package/article/8140.html +188 -0
- package/article/8190.html +85 -0
- package/article/8225.html +78 -0
- package/article/84c9ccd6.html +159 -0
- package/article/8f9a9ae3.html +82 -0
- package/article/9174.html +73 -0
- package/article/9738.html +294 -0
- package/article/a4145266.html +71 -0
- package/article/bedea419.html +72 -0
- package/article/bf7e7421.html +78 -0
- package/article/c1867fbf.html +103 -0
- package/article/c5576490.html +70 -0
- package/article/dcb0db28.html +76 -0
- package/article/fc3b727a.html +79 -0
- package/atom.xml +445 -0
- package/baidusitemap.xml +1079 -0
- package/blocks/dns.txt +264 -0
- package/blocks/filter.txt +1070 -0
- package/blocks/script.js +42 -0
- package/categories/CDN/index.html +48 -0
- package/categories/IDE/index.html +48 -0
- package/categories/git/index.html +48 -0
- package/categories/hexo/index.html +48 -0
- package/categories//345/205/254/345/205/261/350/212/202/346/227/245/index.html +48 -0
- package/categories//345/210/206/344/272/253/index.html +48 -0
- package/categories//345/211/215/347/253/257/index.html +48 -0
- package/categories//345/211/215/347/253/257/page/2/index.html +48 -0
- package/categories//345/211/215/347/253/257//346/265/217/350/247/210/345/231/250/index.html +48 -0
- package/categories//345/211/215/347/253/257//346/265/217/350/247/210/345/231/250//347/275/221/347/273/234/345/215/217/350/256/256/index.html +48 -0
- package/categories//345/215/232/345/256/242/index.html +48 -0
- package/categories//345/267/245/345/205/267/index.html +48 -0
- package/categories//345/271/277/345/221/212/350/277/207/346/273/244/index.html +48 -0
- package/categories//345/271/277/345/221/212/350/277/207/346/273/244//350/247/206/351/242/221/347/224/265/350/247/206/345/260/217/350/257/264/346/274/253/347/224/273/350/265/204/350/256/257/351/237/263/344/271/220/index.html +48 -0
- package/categories//346/255/243/345/210/231/index.html +48 -0
- package/categories//346/265/217/350/247/210/345/231/250/index.html +48 -0
- package/categories//347/256/227/346/263/225/index.html +48 -0
- package/categories//350/265/204/350/256/257/index.html +48 -0
- package/categories//350/275/273/346/235/276/344/270/200/345/210/273/index.html +48 -0
- package/cdn/css/font-awesome.min.css +4 -0
- package/cdn/css/grids-responsive-min.css +7 -0
- package/cdn/css/normalize.css +349 -0
- package/cdn/css/pure-min.css +11 -0
- package/cdn/fonts/fontawesome-webfont.eot +0 -0
- package/cdn/fonts/fontawesome-webfont.svg +2671 -0
- package/cdn/fonts/fontawesome-webfont.ttf +0 -0
- package/cdn/fonts/fontawesome-webfont.woff +0 -0
- package/cdn/fonts/fontawesome-webfont.woff2 +0 -0
- package/cdn/js/Valine.min.js +17 -0
- package/cdn/js/canvas-nest.js +1 -0
- package/cdn/js/clipboard.min.js +7 -0
- package/cdn/js/crypto-js.js +25 -0
- package/cdn/js/jquery.min.js +2 -0
- package/css/default.css +1144 -0
- package/css/donate.css +338 -0
- package/css/hbe.style.css +749 -0
- package/css/style.css +2095 -0
- package/donate/index.html +39 -0
- package/google917dcf72f6e5c7f5.html +1 -0
- package/guestbook/index.html +68 -0
- package/hosts/ads.txt +149 -0
- package/hosts/flash.txt +9 -0
- package/hosts/github.txt +6 -0
- package/hosts/google.txt +16936 -0
- package/hosts/winrar.txt +2 -0
- package/img/alipay.svg +46 -0
- package/img/bitcoin.svg +135 -0
- package/img/blog.ico +0 -0
- package/img/blog.png +0 -0
- package/img/gaba.png +0 -0
- package/img/github.svg +1 -0
- package/img/like.svg +1 -0
- package/img/mp-mini.jpg +0 -0
- package/img/mp.png +0 -0
- package/img/paypal.svg +63 -0
- package/img/upy_logo.svg +59 -0
- package/img/wechat.svg +49 -0
- package/index.html +48 -0
- package/jd_root.txt +1 -0
- package/js/codeblock-resizer.js +51 -0
- package/js/dark.js +12 -0
- package/js/donate.js +87 -0
- package/js/fixedPage.js +106 -0
- package/js/gitment.browser.js +3751 -0
- package/js/search.js +86 -0
- package/js/share.js +60 -0
- package/js/smartresize.js +32 -0
- package/js/totop.js +12 -0
- package/kankan/index.html +77 -0
- package/lib/hbe.js +293 -0
- package/package.json +25 -0
- package/page/10/index.html +49 -0
- package/page/11/index.html +59 -0
- package/page/12/index.html +67 -0
- package/page/13/index.html +63 -0
- package/page/14/index.html +66 -0
- package/page/15/index.html +60 -0
- package/page/16/index.html +60 -0
- package/page/17/index.html +62 -0
- package/page/18/index.html +61 -0
- package/page/19/index.html +58 -0
- package/page/2/index.html +48 -0
- package/page/20/index.html +57 -0
- package/page/21/index.html +61 -0
- package/page/22/index.html +55 -0
- package/page/23/index.html +64 -0
- package/page/24/index.html +60 -0
- package/page/25/index.html +58 -0
- package/page/26/index.html +48 -0
- package/page/27/index.html +58 -0
- package/page/3/index.html +48 -0
- package/page/4/index.html +48 -0
- package/page/5/index.html +51 -0
- package/page/6/index.html +51 -0
- package/page/7/index.html +51 -0
- package/page/8/index.html +53 -0
- package/page/9/index.html +48 -0
- package/randomcall/README.html +1 -0
- package/randomcall/lucker.html +290 -0
- package/randomcall/lucky.png +0 -0
- package/robots.txt +22 -0
- package/search.xml +6740 -0
- package/sitemap.xml +2669 -0
- package/tags//345/216/237/345/210/233/index.html +48 -0
- package/tags//345/250/261/344/271/220/index.html +48 -0
- package/tags//346/211/213/345/206/231/index.html +48 -0
- package/tags//347/226/253/346/203/205/index.html +48 -0
- package/tags//350/275/254/350/275/275/index.html +48 -0
- package/tags//350/275/254/350/275/275/page/2/index.html +48 -0
- package/v.html +90 -0
|
@@ -0,0 +1,351 @@
|
|
|
1
|
+
<!DOCTYPE html><html lang="zh-CN" data-dark><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport"><meta content="yes" name="apple-mobile-web-app-capable"><meta content="black-translucent" name="apple-mobile-web-app-status-bar-style"><meta content="telephone=no" name="format-detection"><meta name="description" content="前端壹菜鸟,记录工作难题,关注前端知识,收集精彩博文,做技术的搬运工"><meta name="msvalidate.01" content="0FE4D8B3381D3D87088996B886E1E2BD"><title>寒冬求职之你必须要懂的Web安全 | 前端壹菜鸟</title><link rel="stylesheet" type="text/css" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/css/style.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/normalize.css@latest/normalize.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/purecss@latest/build/pure-min.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/purecss@latest/build/grids-responsive-min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css"><link rel="icon" mask="" sizes="any" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.ico"><link rel="Shortcut Icon" type="image/x-icon" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.ico"><link rel="apple-touch-icon" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.png"><link rel="apple-touch-icon-precomposed" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.png"><link rel="alternate" type="application/atom+xml" href="/atom.xml"><script type="text/javascript" src="//cdn.jsdelivr.net/npm/jquery@latest/dist/jquery.min.js"></script><script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8385136408348258"></script><script src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" async></script><script>(function(){
|
|
2
|
+
var bp = document.createElement('script');
|
|
3
|
+
var curProtocol = window.location.protocol.split(':')[0];
|
|
4
|
+
if (curProtocol === 'https'){
|
|
5
|
+
bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
|
|
6
|
+
}
|
|
7
|
+
else{
|
|
8
|
+
bp.src = 'http://push.zhanzhang.baidu.com/push.js';
|
|
9
|
+
}
|
|
10
|
+
var s = document.getElementsByTagName("script")[0];
|
|
11
|
+
s.parentNode.insertBefore(bp, s);
|
|
12
|
+
})();
|
|
13
|
+
</script><script>(function(){
|
|
14
|
+
var src = 'https://jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba';
|
|
15
|
+
document.write('<script src="' + src + '" id="sozz"><\/script>');
|
|
16
|
+
})();
|
|
17
|
+
</script><script>var _hmt=_hmt||[];(function(){var hm=document.createElement("script");hm.src='https://hm.baidu.com/hm.js?011f0b44e8452bfa57fbfa23c5fe7683';var s=document.getElementsByTagName("script")[0];s.parentNode.insertBefore(hm, s);})();
|
|
18
|
+
</script><script async src="https://www.googletagmanager.com/gtag/js?id=UA-150860401-1"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);};gtag('js',new Date());gtag('config','UA-150860401-1');
|
|
19
|
+
</script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/fixedPage.min.js"></script><meta name="generator" content="Hexo 6.3.0"></head><body><div class="body_container"><div id="header"><div class="site-name"><a id="logo" href="/.">前端壹菜鸟</a><p class="description">关注前端知识,收集精彩博文,做技术的搬运工</p></div><div id="nav-menu"><a class="current" href="/." target="_self"><i class="fa fa-home"> 首页</i></a><a href="/archives/" target="_self"><i class="fa fa-archive"> 归档</i></a><a href="/guestbook/" target="_self"><i class="fa fa-comments"> 留言</i></a><a href="/about/" target="_self"><i class="fa fa-user"> 关于</i></a><a href="https://laonongmin.online/" target="_target"><i class="fa fa-group"> 看看</i></a><a href="https://love.xuehuayu.cn/" target="_target"><i class="fa fa-heart"> LOVE</i></a></div></div><div class="pure-g" id="layout"><div class="pure-u-1 pure-u-md-3-4"><div class="content_container"><div class="post"><h1 class="post-title c-post">寒冬求职之你必须要懂的Web安全</h1><div class="post-meta"><span class="date">2019-10-03</span><span> | </span><span class="tag"><a href="/tags/%E8%BD%AC%E8%BD%BD/">转载 </a></span><span> | </span><span class="category"><a href="/categories/%E5%88%86%E4%BA%AB/">分享 </a></span><span id="busuanzi_container_page_pv"> | <span id="busuanzi_value_page_pv"><i class="fa fa-spinner"></i></span><span> 阅读</span></span><span class="post-time"><span class="post-meta-item-text"> | </span><span class="post-meta-item-icon"><i class="fa fa-keyboard-o"></i><span class="post-count"> 5.2k</span><span class="post-meta-item-text"> 字</span></span></span><span class="post-time"> | <span class="post-meta-item-icon"><i class="fa fa-hourglass-half"></i><span class="post-count"> 19</span><span class="post-meta-item-text"> 分钟</span></span></span></div><a class="disqus-comment-count" href="/article/37336.html#vcomment"><span class="waline-comment-count" data-path="/article/37336.html"></span><span> 条评论</span></a><div class="post-content"><p><code>原文地址:https://github.com/YvetteLau/Blog/issues/29</code></p>
|
|
20
|
+
<p>随着互联网的发展,各种Web应用变得越来越复杂,满足了用户的各种需求的同时,各种网络安全问题也接踵而至。作为前端工程师的我们也逃不开这个问题,今天一起看一看Web前端有哪些安全问题以及我们如何去检测和防范这些问题。非前端的攻击本文不会讨论(如SQL注入,DDOS攻击等),毕竟后端也非本人擅长的领域。</p>
|
|
21
|
+
<span id="more"></span>
|
|
22
|
+
|
|
23
|
+
<p>QQ邮箱、新浪微博、YouTube、WordPress 和 百度 等知名网站都曾遭遇攻击,如果你从未有过安全方面的问题,不是因为你所开发的网站很安全,更大的可能是你的网站的流量非常低或者没有攻击的价值。</p>
|
|
24
|
+
<p>本文主要讨论以下几种攻击方式: XSS攻击、CSRF攻击、点击劫持以及URL跳转漏洞。</p>
|
|
25
|
+
<blockquote>
|
|
26
|
+
<p><strong>希望大家在阅读完本文之后,能够很好的回答以下几个面试题。</strong></p>
|
|
27
|
+
</blockquote>
|
|
28
|
+
<p>1.前端有哪些攻击方式?</p>
|
|
29
|
+
<p>2.什么是XSS攻击?XSS攻击有几种类型?如果防范XSS攻击?</p>
|
|
30
|
+
<p>3.什么是CSRF攻击?如何防范CSRF攻击</p>
|
|
31
|
+
<p>4.如何检测网站是否安全?</p>
|
|
32
|
+
<p>在开始之前,建议大家先clone代码,我为大家准备好了示例代码,并且写了详细的注释,大家可以对照代码来理解每一种攻击以及如何去防范攻击,毕竟看再多的文字,都不如实操。(Readme中详细得写了操作步骤):<a target="_blank" rel="noopener" href="https://github.com/YvetteLau/Blog/tree/master/Security">https://github.com/YvetteLau/Blog/tree/master/Security</a></p>
|
|
33
|
+
<p><a target="_blank" rel="noopener" href="https://camo.githubusercontent.com/3f35d69fcaf65dbb37d6e58cd98ab9c353897e1c/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434533623862396562323035376266343935353936666532663334383334666630302f3239353034"><img src="https://camo.githubusercontent.com/3f35d69fcaf65dbb37d6e58cd98ab9c353897e1c/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434533623862396562323035376266343935353936666532663334383334666630302f3239353034" alt="xuehuayu.cn"></a></p>
|
|
34
|
+
<h2 id="1-XSS攻击"><a href="#1-XSS攻击" class="headerlink" title="1. XSS攻击"></a>1. XSS攻击</h2><p>XSS(Cross-Site Scripting,跨站脚本攻击)是一种代码注入攻击。攻击者在目标网站上注入恶意代码,当被攻击者登陆网站时就会执行这些恶意代码,这些脚本可以读取 cookie,session tokens,或者其它敏感的网站信息,对用户进行钓鱼欺诈,甚至发起蠕虫攻击等。</p>
|
|
35
|
+
<p>XSS 的本质是:恶意代码未经过滤,与网站正常的代码混在一起;浏览器无法分辨哪些脚本是可信的,导致恶意脚本被执行。由于直接在用户的终端执行,恶意代码能够直接获取用户的信息,利用这些信息冒充用户向网站发起攻击者定义的请求。</p>
|
|
36
|
+
<blockquote>
|
|
37
|
+
<p>XSS分类</p>
|
|
38
|
+
</blockquote>
|
|
39
|
+
<p>根据攻击的来源,XSS攻击可以分为存储型(持久性)、反射型(非持久型)和DOM型三种。下面我们来详细了解一下这三种XSS攻击:</p>
|
|
40
|
+
<blockquote>
|
|
41
|
+
<h3 id="1-1-反射型XSS"><a href="#1-1-反射型XSS" class="headerlink" title="1.1 反射型XSS"></a>1.1 反射型XSS</h3></blockquote>
|
|
42
|
+
<p>当用户点击一个恶意链接,或者提交一个表单,或者进入一个恶意网站时,注入脚本进入被攻击者的网站。Web服务器将注入脚本,比如一个错误信息,搜索结果等,未进行过滤直接返回到用户的浏览器上。</p>
|
|
43
|
+
<blockquote>
|
|
44
|
+
<p>反射型 XSS 的攻击步骤:</p>
|
|
45
|
+
</blockquote>
|
|
46
|
+
<ol>
|
|
47
|
+
<li>攻击者构造出特殊的 <code>URL</code>,其中包含恶意代码。</li>
|
|
48
|
+
<li>用户打开带有恶意代码的 <code>URL</code> 时,网站服务端将恶意代码从 <code>URL</code> 中取出,拼接在 HTML 中返回给浏览器。</li>
|
|
49
|
+
<li>用户浏览器接收到响应后解析执行,混在其中的恶意代码也被执行。</li>
|
|
50
|
+
<li>恶意代码窃取用户数据并发送到攻击者的网站,或者冒充用户的行为,调用目标网站接口执行攻击者指定的操作。</li>
|
|
51
|
+
</ol>
|
|
52
|
+
<p>反射型 XSS 漏洞常见于通过 <code>URL</code> 传递参数的功能,如网站搜索、跳转等。由于需要用户主动打开恶意的 <code>URL</code> 才能生效,攻击者往往会结合多种手段诱导用户点击。</p>
|
|
53
|
+
<p>POST 的内容也可以触发反射型 XSS,只不过其触发条件比较苛刻(需要构造表单提交页面,并引导用户点击),所以非常少见。</p>
|
|
54
|
+
<blockquote>
|
|
55
|
+
<p>查看反射型攻击示例</p>
|
|
56
|
+
</blockquote>
|
|
57
|
+
<p>请戳: <a target="_blank" rel="noopener" href="https://github.com/YvetteLau/Blog/tree/master/Security">https://github.com/YvetteLau/Blog/tree/master/Security</a></p>
|
|
58
|
+
<p>根据 <code>README.md</code> 的提示进行操作(真实情况下是需要诱导用户点击的,上述代码仅是用作演示)。</p>
|
|
59
|
+
<p>注意<code>Chrome</code> 和 <code>Safari</code> 能够检测到 <code>url</code> 上的xss攻击,将网页拦截掉,但是其它浏览器不行,如<code>Firefox</code></p>
|
|
60
|
+
<p>如果不希望被前端拿到cookie,后端可以设置 <code>httpOnly</code> (不过这不是 <code>XSS攻击</code> 的解决方案,只能降低受损范围)</p>
|
|
61
|
+
<blockquote>
|
|
62
|
+
<p>如何防范反射型XSS攻击</p>
|
|
63
|
+
</blockquote>
|
|
64
|
+
<p><strong>对字符串进行编码。</strong></p>
|
|
65
|
+
<p>对url的查询参数进行转义后再输出到页面。</p>
|
|
66
|
+
<pre><code>app.get('/welcome', function(req, res) {
|
|
67
|
+
//对查询参数进行编码,避免反射型 XSS攻击res.send(`${encodeURIComponent(req.query.type)}`);
|
|
68
|
+
});
|
|
69
|
+
</code></pre>
|
|
70
|
+
<blockquote>
|
|
71
|
+
<h3 id="1-2-DOM-型-XSS"><a href="#1-2-DOM-型-XSS" class="headerlink" title="1.2 DOM 型 XSS"></a>1.2 DOM 型 XSS</h3></blockquote>
|
|
72
|
+
<p>DOM 型 XSS 攻击,实际上就是前端 <code>JavaScript</code> 代码不够严谨,把不可信的内容插入到了页面。在使用 <code>.innerHTML</code>、<code>.outerHTML</code>、<code>.appendChild</code>、<code>document.write()</code>等API时要特别小心,不要把不可信的数据作为 HTML 插到页面上,尽量使用 <code>.innerText</code>、<code>.textContent</code>、<code>.setAttribute()</code> 等。</p>
|
|
73
|
+
<blockquote>
|
|
74
|
+
<p>DOM 型 XSS 的攻击步骤:</p>
|
|
75
|
+
</blockquote>
|
|
76
|
+
<ol>
|
|
77
|
+
<li>攻击者构造出特殊数据,其中包含恶意代码。</li>
|
|
78
|
+
<li>用户浏览器执行了恶意代码。</li>
|
|
79
|
+
<li>恶意代码窃取用户数据并发送到攻击者的网站,或者冒充用户的行为,调用目标网站接口执行攻击者指定的操作。</li>
|
|
80
|
+
</ol>
|
|
81
|
+
<blockquote>
|
|
82
|
+
<p>如何防范 DOM 型 XSS 攻击</p>
|
|
83
|
+
</blockquote>
|
|
84
|
+
<p>防范 DOM 型 XSS 攻击的核心就是对输入内容进行转义(DOM 中的内联事件监听器和链接跳转都能把字符串作为代码运行,需要对其内容进行检查)。</p>
|
|
85
|
+
<p>1.对于<code>url</code>链接(例如图片的<code>src</code>属性),那么直接使用 <code>encodeURIComponent</code> 来转义。</p>
|
|
86
|
+
<p>2.非<code>url</code>,我们可以这样进行编码:</p>
|
|
87
|
+
<pre><code>functionencodeHtml(str) {
|
|
88
|
+
returnstr.replace(/"/g, '&quot;')
|
|
89
|
+
.replace(/'/g, '&apos;')
|
|
90
|
+
.replace(/</g, '&lt;')
|
|
91
|
+
.replace(/>/g, '&gt;');
|
|
92
|
+
}
|
|
93
|
+
</code></pre>
|
|
94
|
+
<p>DOM 型 XSS 攻击中,取出和执行恶意代码由浏览器端完成,属于前端 JavaScript 自身的安全漏洞。</p>
|
|
95
|
+
<blockquote>
|
|
96
|
+
<p>查看DOM型XSS攻击示例(根据readme提示查看)</p>
|
|
97
|
+
</blockquote>
|
|
98
|
+
<p>请戳: <a target="_blank" rel="noopener" href="https://github.com/YvetteLau/Blog/tree/master/Security">https://github.com/YvetteLau/Blog/tree/master/Security</a></p>
|
|
99
|
+
<blockquote>
|
|
100
|
+
<h3 id="1-3-存储型XSS"><a href="#1-3-存储型XSS" class="headerlink" title="1.3 存储型XSS"></a>1.3 存储型XSS</h3></blockquote>
|
|
101
|
+
<p>恶意脚本永久存储在目标服务器上。当浏览器请求数据时,脚本从服务器传回并执行,影响范围比反射型和DOM型XSS更大。存储型XSS攻击的原因仍然是没有做好数据过滤:前端提交数据至服务端时,没有做好过滤;服务端在接受到数据时,在存储之前,没有做过滤;前端从服务端请求到数据,没有过滤输出。</p>
|
|
102
|
+
<blockquote>
|
|
103
|
+
<p>存储型 XSS 的攻击步骤:</p>
|
|
104
|
+
</blockquote>
|
|
105
|
+
<ol>
|
|
106
|
+
<li>攻击者将恶意代码提交到目标网站的数据库中。</li>
|
|
107
|
+
<li>用户打开目标网站时,网站服务端将恶意代码从数据库取出,拼接在 HTML 中返回给浏览器。</li>
|
|
108
|
+
<li>用户浏览器接收到响应后解析执行,混在其中的恶意代码也被执行。</li>
|
|
109
|
+
<li>恶意代码窃取用户数据并发送到攻击者的网站,或者冒充用户的行为,调用目标网站接口执行攻击者指定的操作。</li>
|
|
110
|
+
</ol>
|
|
111
|
+
<p>这种攻击常见于带有用户保存数据的网站功能,如论坛发帖、商品评论、用户私信等。</p>
|
|
112
|
+
<blockquote>
|
|
113
|
+
<p>如何防范存储型XSS攻击:</p>
|
|
114
|
+
</blockquote>
|
|
115
|
+
<ol>
|
|
116
|
+
<li>前端数据传递给服务器之前,先转义/过滤(防范不了抓包修改数据的情况)</li>
|
|
117
|
+
<li>服务器接收到数据,在存储到数据库之前,进行转义/过滤</li>
|
|
118
|
+
<li>前端接收到服务器传递过来的数据,在展示到页面前,先进行转义/过滤</li>
|
|
119
|
+
</ol>
|
|
120
|
+
<blockquote>
|
|
121
|
+
<p>查看存储型XSS攻击示例(根据Readme提示查看)</p>
|
|
122
|
+
</blockquote>
|
|
123
|
+
<p>请戳: <a target="_blank" rel="noopener" href="https://github.com/YvetteLau/Blog/tree/master/Security">https://github.com/YvetteLau/Blog/tree/master/Security</a></p>
|
|
124
|
+
<p><strong>除了谨慎的转义,我们还需要其他一些手段来防范XSS攻击:</strong></p>
|
|
125
|
+
<p><strong>1.Content Security Policy</strong></p>
|
|
126
|
+
<p>在服务端使用 HTTP的 <code>Content-Security-Policy</code> 头部来指定策略,或者在前端设置 <code>meta</code> 标签。</p>
|
|
127
|
+
<p>例如下面的配置只允许加载同域下的资源:</p>
|
|
128
|
+
<pre><code>Content-Security-Policy: default-src 'self'
|
|
129
|
+
|
|
130
|
+
<metahttp-equiv="Content-Security-Policy"content="form-action 'self';">
|
|
131
|
+
</code></pre>
|
|
132
|
+
<p>前端和服务端设置 CSP 的效果相同,但是<code>meta</code>无法使用<code>report</code></p>
|
|
133
|
+
<blockquote>
|
|
134
|
+
<p>更多的设置可以查看 <a target="_blank" rel="noopener" href="https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy__by_cnvoid">Content-Security-Policy
|
|
135
|
+
</a></p>
|
|
136
|
+
</blockquote>
|
|
137
|
+
<p>严格的 CSP 在 XSS 的防范中可以起到以下的作用:</p>
|
|
138
|
+
<ol>
|
|
139
|
+
<li>禁止加载外域代码,防止复杂的攻击逻辑。</li>
|
|
140
|
+
<li>禁止外域提交,网站被攻击后,用户的数据不会泄露到外域。</li>
|
|
141
|
+
<li>禁止内联脚本执行(规则较严格,目前发现 GitHub 使用)。</li>
|
|
142
|
+
<li>禁止未授权的脚本执行(新特性,Google Map 移动版在使用)。</li>
|
|
143
|
+
<li>合理使用上报可以及时发现 XSS,利于尽快修复问题。</li>
|
|
144
|
+
</ol>
|
|
145
|
+
<p><strong>2.输入内容长度控制</strong></p>
|
|
146
|
+
<p>对于不受信任的输入,都应该限定一个合理的长度。虽然无法完全防止 XSS 发生,但可以增加 XSS 攻击的难度。</p>
|
|
147
|
+
<p><strong>3.输入内容限制</strong></p>
|
|
148
|
+
<p>对于部分输入,可以限定不能包含特殊字符或者仅能输入数字等。</p>
|
|
149
|
+
<p><strong>4.其他安全措施</strong></p>
|
|
150
|
+
<ul>
|
|
151
|
+
<li>HTTP-only Cookie: 禁止 JavaScript 读取某些敏感 Cookie,攻击者完成 XSS 注入后也无法窃取此 Cookie。</li>
|
|
152
|
+
<li>验证码:防止脚本冒充用户提交危险操作。</li>
|
|
153
|
+
</ul>
|
|
154
|
+
<blockquote>
|
|
155
|
+
<h3 id="1-5-XSS-检测"><a href="#1-5-XSS-检测" class="headerlink" title="1.5 XSS 检测"></a>1.5 XSS 检测</h3></blockquote>
|
|
156
|
+
<p>读到这儿,相信大家已经知道了什么是XSS攻击,XSS攻击的类型,以及如何去防范XSS攻击。但是有一个非常重要的问题是:我们如何去检测XSS攻击,怎么知道自己的页面是否存在XSS漏洞?</p>
|
|
157
|
+
<p>很多大公司,都有专门的安全部门负责这个工作,但是如果没有安全部门,作为开发者本身,该如何去检测呢?</p>
|
|
158
|
+
<p>1.使用通用 XSS 攻击字串手动检测 XSS 漏洞</p>
|
|
159
|
+
<p>如: <code>jaVasCript:/*-/*</code>/*`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/–!>\x3csVg/<sVg/oNloAd=alert()//>\x3e`</p>
|
|
160
|
+
<p>能够检测到存在于 HTML 属性、HTML 文字内容、HTML 注释、跳转链接、内联 JavaScript 字符串、内联 CSS 样式表等多种上下文中的 XSS 漏洞,也能检测 eval()、setTimeout()、setInterval()、Function()、innerHTML、document.write() 等 DOM 型 XSS 漏洞,并且能绕过一些 XSS 过滤器。</p>
|
|
161
|
+
<p><code><img src=1 onerror=alert(1)></code></p>
|
|
162
|
+
<p>2.使用第三方工具进行扫描(详见最后一个章节)</p>
|
|
163
|
+
<p><a target="_blank" rel="noopener" href="https://camo.githubusercontent.com/6a4fc7c9cc9446874d905768380b02c4cc4a5f1a/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434566643233356365653161333064303437636666356361376531636636356533382f3239343831"><img src="https://camo.githubusercontent.com/6a4fc7c9cc9446874d905768380b02c4cc4a5f1a/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434566643233356365653161333064303437636666356361376531636636356533382f3239343831" alt="xuehuayu.cn"></a></p>
|
|
164
|
+
<hr>
|
|
165
|
+
<h2 id="2-CSRF"><a href="#2-CSRF" class="headerlink" title="2. CSRF"></a>2. CSRF</h2><p>CSRF(Cross-site request forgery)跨站请求伪造:攻击者诱导受害者进入第三方网站,在第三方网站中,向被攻击网站发送跨站请求。利用受害者在被攻击网站已经获取的注册凭证,绕过后台的用户验证,达到冒充用户对被攻击的网站执行某项操作的目的。</p>
|
|
166
|
+
<blockquote>
|
|
167
|
+
<p>典型的CSRF攻击流程:</p>
|
|
168
|
+
</blockquote>
|
|
169
|
+
<ol>
|
|
170
|
+
<li>受害者登录A站点,并保留了登录凭证(Cookie)。</li>
|
|
171
|
+
<li>攻击者诱导受害者访问了站点B。</li>
|
|
172
|
+
<li>站点B向站点A发送了一个请求,浏览器会默认携带站点A的Cookie信息。</li>
|
|
173
|
+
<li>站点A接收到请求后,对请求进行验证,并确认是受害者的凭证,误以为是无辜的受害者发送的请求。</li>
|
|
174
|
+
<li>站点A以受害者的名义执行了站点B的请求。</li>
|
|
175
|
+
<li>攻击完成,攻击者在受害者不知情的情况下,冒充受害者完成了攻击。</li>
|
|
176
|
+
</ol>
|
|
177
|
+
<p><strong>一图胜千言:</strong></p>
|
|
178
|
+
<p><a target="_blank" rel="noopener" href="https://camo.githubusercontent.com/1a3fca040f52115fa9c6c1ca7d55953fa5418040/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434537623931326162323266333766643133343831383631316237373737343437622f3239343836"><img src="https://camo.githubusercontent.com/1a3fca040f52115fa9c6c1ca7d55953fa5418040/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434537623931326162323266333766643133343831383631316237373737343437622f3239343836" alt="xuehuayu.cn"></a></p>
|
|
179
|
+
<blockquote>
|
|
180
|
+
<p>CSRF的特点</p>
|
|
181
|
+
</blockquote>
|
|
182
|
+
<p>1.攻击通常在第三方网站发起,如图上的站点B,站点A无法防止攻击发生。</p>
|
|
183
|
+
<p>2.攻击利用受害者在被攻击网站的登录凭证,冒充受害者提交操作;并不会去获取cookie信息(cookie有同源策略)</p>
|
|
184
|
+
<p>3.跨站请求可以用各种方式:图片URL、超链接、CORS、Form提交等等(来源不明的链接,不要点击)</p>
|
|
185
|
+
<blockquote>
|
|
186
|
+
<p>运行代码,更直观了解一下</p>
|
|
187
|
+
</blockquote>
|
|
188
|
+
<p>用户 loki 银行存款 10W。</p>
|
|
189
|
+
<p>用户 yvette 银行存款 1000。</p>
|
|
190
|
+
<p>我们来看看 yvette 如何通过 <code>CSRF</code> 攻击,将 loki 的钱偷偷转到自己的账户中,并根据提示,查看如何去防御CSRF攻击。</p>
|
|
191
|
+
<p><a target="_blank" rel="noopener" href="https://camo.githubusercontent.com/9c235309e0db35e62a17ed7f3247a87ca0413cb9/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434566363431356238633937363930613731396532353735656666653937376233392f3239353036"><img src="https://camo.githubusercontent.com/9c235309e0db35e62a17ed7f3247a87ca0413cb9/68747470733a2f2f6e6f74652e796f7564616f2e636f6d2f7977732f7075626c69632f7265736f757263652f66343537303163633431303530346537316462626362643838363165386430632f786d6c6e6f74652f5745425245534f5552434566363431356238633937363930613731396532353735656666653937376233392f3239353036" alt="xuehuayu.cn"></a></p>
|
|
192
|
+
<p>请戳: <a target="_blank" rel="noopener" href="https://github.com/YvetteLau/Blog/tree/master/Security">https://github.com/YvetteLau/Blog/tree/master/Security</a> [根据readme中的CSRF部分进行操作]</p>
|
|
193
|
+
<h4 id="CSRF-攻击防御"><a href="#CSRF-攻击防御" class="headerlink" title="CSRF 攻击防御"></a>CSRF 攻击防御</h4><p><strong>1. 添加验证码(体验不好)</strong></p>
|
|
194
|
+
<p>验证码能够防御CSRF攻击,但是我们不可能每一次交互都需要验证码,否则用户的体验会非常差,但是我们可以在转账,交易等操作时,增加验证码,确保我们的账户安全。</p>
|
|
195
|
+
<p><strong>2. 判断请求的来源:检测Referer(并不安全,Referer可以被更改)</strong></p>
|
|
196
|
+
<pre><code>`Referer` 可以作为一种辅助手段,来判断请求的来源是否是安全的,但是鉴于 `Referer` 本身是可以被修改的,因为不能仅依赖于 `Referer`
|
|
197
|
+
</code></pre>
|
|
198
|
+
<p><strong>3. 使用Token(主流)</strong></p>
|
|
199
|
+
<pre><code>CSRF攻击之所以能够成功,是因为服务器误把攻击者发送的请求当成了用户自己的请求。那么我们可以要求所有的用户请求都携带一个CSRF攻击者无法获取到的Token。服务器通过校验请求是否携带正确的Token,来把正常的请求和攻击的请求区分开。跟验证码类似,只是用户无感知。
|
|
200
|
+
|
|
201
|
+
- 服务端给用户生成一个token,加密后传递给用户
|
|
202
|
+
- 用户在提交请求时,需要携带这个token
|
|
203
|
+
- 服务端验证token是否正确
|
|
204
|
+
</code></pre>
|
|
205
|
+
<p><strong>4. Samesite Cookie属性</strong></p>
|
|
206
|
+
<p>为了从源头上解决这个问题,Google起草了一份草案来改进HTTP协议,为Set-Cookie响应头新增Samesite属性,它用来标明这个 Cookie是个“同站 Cookie”,同站Cookie只能作为第一方Cookie,不能作为第三方Cookie,Samesite 有两个属性值,分别是 Strict 和 Lax。</p>
|
|
207
|
+
<p>部署简单,并能有效防御CSRF攻击,但是存在兼容性问题。</p>
|
|
208
|
+
<p><strong>Samesite=Strict</strong></p>
|
|
209
|
+
<p><code>Samesite=Strict</code> 被称为是严格模式,表明这个 Cookie 在任何情况都不可能作为第三方的 Cookie,有能力阻止所有CSRF攻击。此时,我们在B站点下发起对A站点的任何请求,A站点的 Cookie 都不会包含在cookie请求头中。</p>
|
|
210
|
+
<pre><code>**Samesite=Lax**
|
|
211
|
+
|
|
212
|
+
`Samesite=Lax` 被称为是宽松模式,与 Strict 相比,放宽了限制,允许发送安全 HTTP 方法带上 Cookie,如 `Get` / `OPTIONS` 、`HEAD` 请求.
|
|
213
|
+
|
|
214
|
+
但是不安全 HTTP 方法,如: `POST`, `PUT`, `DELETE` 请求时,不能作为第三方链接的 Cookie
|
|
215
|
+
</code></pre>
|
|
216
|
+
<p>为了更好的防御CSRF攻击,我们可以组合使用以上防御手段。</p>
|
|
217
|
+
<h2 id="3-点击劫持"><a href="#3-点击劫持" class="headerlink" title="3. 点击劫持"></a>3. 点击劫持</h2><p>点击劫持是指在一个Web页面中隐藏了一个透明的iframe,用外层假页面诱导用户点击,实际上是在隐藏的frame上触发了点击事件进行一些用户不知情的操作。</p>
|
|
218
|
+
<h4 id="典型点击劫持攻击流程"><a href="#典型点击劫持攻击流程" class="headerlink" title="典型点击劫持攻击流程"></a>典型点击劫持攻击流程</h4><ol>
|
|
219
|
+
<li>攻击者构建了一个非常有吸引力的网页【不知道哪些内容对你们来说有吸引力,我就不写页面了,偷个懒】</li>
|
|
220
|
+
<li>将被攻击的页面放置在当前页面的 <code>iframe</code> 中</li>
|
|
221
|
+
<li>使用样式将 iframe 叠加到非常有吸引力内容的上方</li>
|
|
222
|
+
<li>将iframe设置为100%透明</li>
|
|
223
|
+
<li>你被诱导点击了网页内容,你以为你点击的是***,而实际上,你成功被攻击了。</li>
|
|
224
|
+
</ol>
|
|
225
|
+
<h4 id="点击劫持防御"><a href="#点击劫持防御" class="headerlink" title="点击劫持防御"></a>点击劫持防御</h4><p><strong>1. frame busting</strong></p>
|
|
226
|
+
<p>Frame busting</p>
|
|
227
|
+
<pre><code>if ( top.location != window.location ){
|
|
228
|
+
top.location = window.location
|
|
229
|
+
}
|
|
230
|
+
</code></pre>
|
|
231
|
+
<p>需要注意的是: HTML5中iframe的 <code>sandbox</code> 属性、IE中iframe的<code>security</code> 属性等,都可以限制iframe页面中的JavaScript脚本执行,从而可以使得 frame busting 失效。</p>
|
|
232
|
+
<p><strong>2. X-Frame-Options</strong></p>
|
|
233
|
+
<p>X-FRAME-OPTIONS是微软提出的一个http头,专门用来防御利用iframe嵌套的点击劫持攻击。并且在IE8、Firefox3.6、Chrome4以上的版本均能很好的支持。</p>
|
|
234
|
+
<p>可以设置为以下值:</p>
|
|
235
|
+
<ul>
|
|
236
|
+
<li><p>DENY: 拒绝任何域加载</p>
|
|
237
|
+
</li>
|
|
238
|
+
<li><p>SAMEORIGIN: 允许同源域下加载</p>
|
|
239
|
+
</li>
|
|
240
|
+
<li><p>ALLOW-FROM: 可以定义允许frame加载的页面地址</p>
|
|
241
|
+
</li>
|
|
242
|
+
</ul>
|
|
243
|
+
<h2 id="4-URL跳转漏洞"><a href="#4-URL跳转漏洞" class="headerlink" title="4. URL跳转漏洞"></a>4. URL跳转漏洞</h2><p>URL 跳转漏洞是指后台服务器在告知浏览器跳转时,未对客户端传入的重定向地址进行合法性校验,导致用户浏览器跳转到钓鱼页面的一种漏洞。</p>
|
|
244
|
+
<p>URL跳转一般有以下几种实现方式</p>
|
|
245
|
+
<ol>
|
|
246
|
+
<li><p>Header头跳转</p>
|
|
247
|
+
</li>
|
|
248
|
+
<li><p>Javascript跳转</p>
|
|
249
|
+
</li>
|
|
250
|
+
<li><p>META标签跳转</p>
|
|
251
|
+
</li>
|
|
252
|
+
</ol>
|
|
253
|
+
<blockquote>
|
|
254
|
+
<h4 id="URL跳转漏洞防御"><a href="#URL跳转漏洞防御" class="headerlink" title="URL跳转漏洞防御"></a>URL跳转漏洞防御</h4></blockquote>
|
|
255
|
+
<p>之所以会出现跳转 URL 漏洞,就是因为服务端没有对客户端传递的跳转地址进行合法性校验,所以,预防这种攻击的方式,就是对客户端传递过来的跳转 URL 进行校验。</p>
|
|
256
|
+
<p><strong>1.referer的限制</strong></p>
|
|
257
|
+
<p>如果确定传递URL参数进入的来源,我们可以通过该方式实现安全限制,保证该URL的有效性,避免恶意用户自己生成跳转链接</p>
|
|
258
|
+
<p><strong>2.加入有效性验证Token</strong></p>
|
|
259
|
+
<p>保证所有生成的链接都是来自于可信域,通过在生成的链接里加入用户不可控的token对生成的链接进行校验,可以避免用户生成自己的恶意链接从而被利用。</p>
|
|
260
|
+
<h3 id="安全扫描工具"><a href="#安全扫描工具" class="headerlink" title="安全扫描工具"></a>安全扫描工具</h3><p>上面我们介绍了几种常见的前端安全漏洞,也了解一些防范措施,那么我们如何发现自己网站的安全问题呢?没有安全部门的公司可以考虑下面几款开源扫码工具:</p>
|
|
261
|
+
<h4 id="1-Arachni"><a href="#1-Arachni" class="headerlink" title="1. Arachni"></a>1. <a target="_blank" rel="noopener" href="https://github.com/Arachni/arachni">Arachni</a></h4><p>Arachni是基于Ruby的开源,功能全面,高性能的漏洞扫描框架,Arachni提供简单快捷的扫描方式,只需要输入目标网站的网址即可开始扫描。它可以通过分析在扫描过程中获得的信息,来评估漏洞识别的准确性和避免误判。</p>
|
|
262
|
+
<p>Arachni默认集成大量的检测工具,可以实施 代码注入、CSRF、文件包含检测、SQL注入、命令行注入、路径遍历等各种攻击。</p>
|
|
263
|
+
<p>同时,它还提供了各种插件,可以实现表单爆破、HTTP爆破、防火墙探测等功能。</p>
|
|
264
|
+
<p>针对大型网站,该工具支持会话保持、浏览器集群、快照等功能,帮助用户更好实施渗透测试。</p>
|
|
265
|
+
<h4 id="2-Mozilla-HTTP-Observatory"><a href="#2-Mozilla-HTTP-Observatory" class="headerlink" title="2. Mozilla HTTP Observatory"></a>2. <a target="_blank" rel="noopener" href="https://github.com/mozilla/http-observatory/">Mozilla HTTP Observatory</a></h4><p>Mozilla HTTP Observatory,是Mozilla最近发布的一款名为Observatory的网站安全分析工具,意在鼓励开发者和系统管理员增强自己网站的安全配置。用法非常简单:输入网站URL,即可访问并分析网站HTTP标头,随后可针对网站安全性提供数字形式的分数和字母代表的安全级别。</p>
|
|
266
|
+
<blockquote>
|
|
267
|
+
<p>检查的主要范围包括:</p>
|
|
268
|
+
</blockquote>
|
|
269
|
+
<ul>
|
|
270
|
+
<li>Cookie</li>
|
|
271
|
+
<li>跨源资源共享(CORS)</li>
|
|
272
|
+
<li>内容安全策略(CSP)</li>
|
|
273
|
+
<li>HTTP公钥固定(Public Key Pinning)</li>
|
|
274
|
+
<li>HTTP严格安全传输(HSTS)状态</li>
|
|
275
|
+
<li>是否存在HTTP到HTTPs的自动重定向</li>
|
|
276
|
+
<li>子资源完整性(Subresource Integrity)</li>
|
|
277
|
+
<li>X-Frame-Options</li>
|
|
278
|
+
<li>X-XSS-Protection</li>
|
|
279
|
+
</ul>
|
|
280
|
+
<h4 id="3-w3af"><a href="#3-w3af" class="headerlink" title="3. w3af"></a>3. <a target="_blank" rel="noopener" href="https://github.com/andresriancho/w3af">w3af</a></h4><p>W3af是一个基于Python的Web应用安全扫描器。可帮助开发人员,有助于开发人员和测试人员识别Web应用程序中的漏洞。</p>
|
|
281
|
+
<p>扫描器能够识别200多个漏洞,包括跨站点脚本、SQL注入和操作系统命令。</p>
|
|
282
|
+
<p>参考文章:</p>
|
|
283
|
+
<p>[1] <a target="_blank" rel="noopener" href="https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot">https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot</a></p>
|
|
284
|
+
<p>[2] <a target="_blank" rel="noopener" href="https://tech.meituan.com/2018/10/11/fe-security-csrf.html">https://tech.meituan.com/2018/10/11/fe-security-csrf.html</a></p>
|
|
285
|
+
<p>[3] <a target="_blank" rel="noopener" href="https://zhuanlan.zhihu.com/p/25486768?group_id=820705780520079360">https://zhuanlan.zhihu.com/p/25486768?group_id=820705780520079360</a></p>
|
|
286
|
+
<p>[4] <a target="_blank" rel="noopener" href="https://mp.weixin.qq.com/s/up35Zd8EmEfDVnvxOX9EmA">https://mp.weixin.qq.com/s/up35Zd8EmEfDVnvxOX9EmA</a></p>
|
|
287
|
+
<p>[5] <a target="_blank" rel="noopener" href="https://juejin.im/post/5b4e0c936fb9a04fcf59cb79">https://juejin.im/post/5b4e0c936fb9a04fcf59cb79</a></p>
|
|
288
|
+
<p>[6] <a target="_blank" rel="noopener" href="https://juejin.im/post/5c8a33dcf265da2dc538fc7d">https://juejin.im/post/5c8a33dcf265da2dc538fc7d</a></p>
|
|
289
|
+
<p>[7] <a target="_blank" rel="noopener" href="https://github.com/OWASP/CheatSheetSeries">https://github.com/OWASP/CheatSheetSeries</a></p>
|
|
290
|
+
<blockquote>
|
|
291
|
+
<h3 id="后续写作计划-写作顺序不定"><a href="#后续写作计划-写作顺序不定" class="headerlink" title="后续写作计划(写作顺序不定)"></a>后续写作计划(写作顺序不定)</h3></blockquote>
|
|
292
|
+
<p>1.《寒冬求职季之你必须要懂的原生JS》(下)</p>
|
|
293
|
+
<p>2.《寒冬求职季之你必须要知道的CSS》</p>
|
|
294
|
+
<p>3.《寒冬求职季之你必须要懂的一些浏览器知识》</p>
|
|
295
|
+
<p>4.《寒冬求职季之你必须要知道的性能优化》</p>
|
|
296
|
+
<p>5.《寒冬求职季之你必须要懂的webpack原理》</p>
|
|
297
|
+
<p><strong>针对React技术栈:</strong></p>
|
|
298
|
+
<p>1.《寒冬求职季之你必须要懂的React》系列</p>
|
|
299
|
+
<p>2.《寒冬求职季之你必须要懂的ReactNative》系列</p>
|
|
300
|
+
<p><a target="_blank" rel="noopener" href="https://camo.githubusercontent.com/97caf4bcf03761926ba45cf5660af9b9e48fa4c1/68747470733a2f2f74696d6773612e62616964752e636f6d2f74696d673f696d616765267175616c6974793d38302673697a653d62393939395f3130303030267365633d313535353836393832393734352664693d393664353038333338343739653236366638316434636230616161313533316526696d67747970653d30267372633d68747470253341253246253246696d672e74756b6578772e636f6d253246696d67253246373233666634623731306439646436312e6a7067"><img src="https://camo.githubusercontent.com/97caf4bcf03761926ba45cf5660af9b9e48fa4c1/68747470733a2f2f74696d6773612e62616964752e636f6d2f74696d673f696d616765267175616c6974793d38302673697a653d62393939395f3130303030267365633d313535353836393832393734352664693d393664353038333338343739653236366638316434636230616161313533316526696d67747970653d30267372633d68747470253341253246253246696d672e74756b6578772e636f6d253246696d67253246373233666634623731306439646436312e6a7067" alt="xuehuayu.cn"></a></p>
|
|
301
|
+
<p>编写本文,虽然花费了很多时间,但是在这个过程中,我也学习到了很多知识,谢谢各位小伙伴愿意花费宝贵的时间阅读本文,如果本文给了您一点帮助或者是启发,请不要吝啬你的赞和Star,您的肯定是我前进的最大动力。<a target="_blank" rel="noopener" href="https://github.com/YvetteLau/Blog">https://github.com/YvetteLau/Blog</a></p>
|
|
302
|
+
</div><iframe src="/donate/?AliPayQR=https://store.xuehuayu.cn/store/public/alipay_qr.jpg&WeChatQR=https://store.xuehuayu.cn/store/public/wechat_qr.png&UnionPayQR=null&GitHub=null&BTCQR=null&BTCKEY=null&PayPal=https://www.paypal.com/paypalme/OrdinaryPerson" style="overflow-x:hidden; overflow-y:hidden; border:0xp none #fff; min-height:240px; width:100%;" frameborder="0" scrolling="no"></iframe><div><ul class="post-copyright"><li class="post-copyright-author"><strong>本文作者:</strong>雪花雨</li><li class="post-copyright-link"><strong>本文链接:</strong><a href="/article/37336.html">https://xuehuayu.cn/article/37336.html</a></li><li class="post-copyright-license"><strong>版权声明:</strong>① 标为原创的文章为博主原创,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接。② 转载文章来自网络,已标明出处,<a href="mailto:cainiaoblog@126.com">侵删</a>。</li></ul></div><br><div class="tags"><a href="/tags/%E8%BD%AC%E8%BD%BD/">转载</a></div><div class="post-nav"><a class="pre" href="/article/63351.html">微软推出Python免费在线教程视频</a><a class="next" href="/article/25710.html">寒冬求职季之你必须要懂的原生JS(中)</a></div><div id="vcomment"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@waline/client@v2/dist/waline.min.css"><script src="//cdn.jsdelivr.net/npm/@waline/client@v2/dist/waline.js"></script><script>const origin = window.location.origin
|
|
303
|
+
const serverURL = origin.includes('cainiaoblog') ? 'https://cmts.cainiaoblog.cn' : 'https://cmts.xuehuayu.cn'
|
|
304
|
+
const locale = {
|
|
305
|
+
placeholder: '请正确填写昵称和邮箱,方便接收回复通知~',
|
|
306
|
+
sofa: '沙发空缺中,还不快抢~',
|
|
307
|
+
};
|
|
308
|
+
Waline.init({
|
|
309
|
+
el: '#vcomment',
|
|
310
|
+
serverURL: serverURL,
|
|
311
|
+
pageSize: '20',
|
|
312
|
+
visitor: true, // 阅读量统计
|
|
313
|
+
requiredMeta: ['nick', 'mail'],
|
|
314
|
+
emoji: [
|
|
315
|
+
'https://cdn.jsdelivr.net/gh/walinejs/emojis@1.0.0/weibo',
|
|
316
|
+
'https://cdn.jsdelivr.net/gh/walinejs/emojis@1.0.0/qq',
|
|
317
|
+
'https://cdn.jsdelivr.net/gh/walinejs/emojis@1.0.0/tw-emoji',
|
|
318
|
+
],
|
|
319
|
+
locale,
|
|
320
|
+
pageview: true
|
|
321
|
+
})
|
|
322
|
+
</script></div></div></div><div class="pure-u-1 pure-u-md-1-4 fixed-search hidden_mid_and_down"><div id="sidebar"><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/search.min.js"></script><div class="widget"><div class="widget-search"><input class="search" type="radio" name="search" value="baidu" id="baidu" checked="checked"/><label class="label" for="baidu" title="百度全站搜索">百度</label><input class="search" type="radio" name="search" value="google" id="google"/><label class="label" for="google" title="谷歌全站搜索">谷歌</label><input class="search" type="radio" name="search" value="self" id="self"/><label class="label" for="self" title="使用站内搜索">站内</label></div><div class="widget" id="search"><form class="search-form" action="//www.baidu.com/baidu" method="get" accept-charset="utf-8" target="_blank"><input type="search" name="word" maxlength="30" placeholder="百度全站搜索"/><input type="hidden" name="si" value="xuehuayu.cn"/><input type="hidden" name="cl" value="3"/><input type="hidden" name="ct" value="2097152"/><input type="hidden" name="s" value="on"/><input class="search-submit" type="submit" value=""/></form></div></div><script>$('input[type=radio][name=search]').change(function() {
|
|
323
|
+
var val = $(this).val()
|
|
324
|
+
var self = '<div class="search-form"><input id="local-search-input" placeholder="站内搜索,首次慢" type="search" name="q" results="0"><input class="search-submit" type="submit" value=""/><div id="local-search-result"></div></div>'
|
|
325
|
+
var google = '<form class="search-form" action="//www.google.com/search" method="get" accept-charset="utf-8" target="_blank"><input type="search" name="q" maxlength="30" placeholder="谷歌全站搜索"><input type="hidden" name="sitesearch" value="xuehuayu.cn"><input class="search-submit" type="submit" value=""/></form>'
|
|
326
|
+
var baidu = '<form class="search-form" action="//www.baidu.com/baidu" method="get" accept-charset="utf-8" target="_blank"><input type="search" name="word" maxlength="30" placeholder="百度全站搜索"><input type="hidden" name="si" value="xuehuayu.cn"><input type="hidden" name="cl" value="3"><input type="hidden" name="ct" value="2097152"><input type="hidden" name="s" value="on"><input class="search-submit" type="submit" value=""/></form>'
|
|
327
|
+
|
|
328
|
+
if (val === 'self') {
|
|
329
|
+
$('#search').html(self)
|
|
330
|
+
var search_path = 'search.xml';
|
|
331
|
+
if (search_path.length == 0) {
|
|
332
|
+
search_path = 'search.xml';
|
|
333
|
+
}
|
|
334
|
+
var path = 'https://cdn.staticaly.com/gh/npljy/npljy.github.io/main/' + search_path;
|
|
335
|
+
searchFunc(path, 'local-search-input', 'local-search-result');
|
|
336
|
+
} else if (val === 'baidu') {
|
|
337
|
+
$('#search').html(baidu)
|
|
338
|
+
} else if (val === 'google') {
|
|
339
|
+
$('#search').html(google)
|
|
340
|
+
}
|
|
341
|
+
})</script><div class="widget widget-wxmp"><img alt="微信公众号" width="100%" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/mp-mini.jpg"/></div><div class="widget widget-categories"><div class="widget-title"><i class="fa fa-folder-o"> 分类</i></div><ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/CDN/">CDN</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/IDE/">IDE</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/git/">git</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/hexo/">hexo</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%85%AC%E5%85%B1%E8%8A%82%E6%97%A5/">公共节日</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%88%86%E4%BA%AB/">分享</a><span class="category-list-count">29</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%89%8D%E7%AB%AF/">前端</a><span class="category-list-count">191</span><ul class="category-list-child"><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%89%8D%E7%AB%AF/%E6%B5%8F%E8%A7%88%E5%99%A8/">浏览器</a><span class="category-list-count">1</span><ul class="category-list-child"><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%89%8D%E7%AB%AF/%E6%B5%8F%E8%A7%88%E5%99%A8/%E7%BD%91%E7%BB%9C%E5%8D%8F%E8%AE%AE/">网络协议</a><span class="category-list-count">1</span></li></ul></li></ul></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%8D%9A%E5%AE%A2/">博客</a><span class="category-list-count">3</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%B7%A5%E5%85%B7/">工具</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%B9%BF%E5%91%8A%E8%BF%87%E6%BB%A4/">广告过滤</a><span class="category-list-count">8</span><ul class="category-list-child"><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%B9%BF%E5%91%8A%E8%BF%87%E6%BB%A4/%E8%A7%86%E9%A2%91%E7%94%B5%E8%A7%86%E5%B0%8F%E8%AF%B4%E6%BC%AB%E7%94%BB%E8%B5%84%E8%AE%AF%E9%9F%B3%E4%B9%90/">视频电视小说漫画资讯音乐</a><span class="category-list-count">2</span></li></ul></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E6%AD%A3%E5%88%99/">正则</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E6%B5%8F%E8%A7%88%E5%99%A8/">浏览器</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E7%AE%97%E6%B3%95/">算法</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E8%B5%84%E8%AE%AF/">资讯</a><span class="category-list-count">16</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E8%BD%BB%E6%9D%BE%E4%B8%80%E5%88%BB/">轻松一刻</a><span class="category-list-count">1</span></li></ul></div><div class="widget widget-tags"><div class="widget-title"><i class="fa fa-star-o"> 标签</i></div><div class="tagcloud"><a href="/tags/%E5%8E%9F%E5%88%9B/" style="font-size: 15px;">原创</a> <a href="/tags/%E8%BD%AC%E8%BD%BD/" style="font-size: 15px;">转载</a> <a href="/tags/%E6%89%8B%E5%86%99/" style="font-size: 15px;">手写</a> <a href="/tags/%E7%96%AB%E6%83%85/" style="font-size: 15px;">疫情</a> <a href="/tags/%E5%A8%B1%E4%B9%90/" style="font-size: 15px;">娱乐</a></div></div><div class="widget widget-recent-posts"><div class="widget-title"><i class="fa fa-file-o"> 最近文章</i></div><ul class="post-list"><li class="post-list-item"><a class="post-list-link" href="/article/c5576490.html">面试准备</a></li><li class="post-list-item"><a class="post-list-link" href="/article/84c9ccd6.html">精读《SolidJS》</a></li><li class="post-list-item"><a class="post-list-link" href="/article/53803e6.html">git提交注释规范</a></li><li class="post-list-item"><a class="post-list-link" href="/article/a4145266.html">前端数组拍平flat一行代码</a></li><li class="post-list-item"><a class="post-list-link" href="/article/bedea419.html">一道前端this面试题</a></li><li class="post-list-item"><a class="post-list-link" href="/article/bf7e7421.html">git多账号配置</a></li></ul></div><div class="widget widget-links"><div class="widget-title"><i class="fa fa-external-link"> 友情链接</i></div><ul></ul><a href="https://github.com/npljy?utm_source=xuehuayu.cn" title="GitHub" target="_blank">GitHub</a><ul></ul><a href="https://laonongmin.online?utm_source=xuehuayu.cn" title="看看" target="_blank">看看</a><ul></ul><a href="https://cainiaoblog.cn?utm_source=xuehuayu.cn" title="菜鸟博客" target="_blank">菜鸟博客</a><ul></ul><a href="mailto:cainiaoblog@126.com" title="友链联系" target="_blank">友链联系</a></div></div></div><div class="pure-u-1 pure-u-md-3-4"><div id="footer"><div class="flex-block justify-center align-center flex-wrap"><a class="gxba-link" id="gxba" rel="nofollow" target="_blank" href="http://beian.miit.gov.cn/">京ICP备20007647号-2</a><a class="gaba-link" id="gaba-link" rel="nofollow" target="_blank" href="http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11010802031264"><img class="nofancybox" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/gaba.png" alt=""/><span id="gaba">京公网安备 11010802031264号</span><span style="padding-right: 10px;"></span></a><span>Copyright © 2023 </span><a href="/." rel="nofollow">前端壹菜鸟. </a><script>(function(){
|
|
342
|
+
var cnb =window.location.origin.indexOf('cainiaoblog') !==-1
|
|
343
|
+
if (cnb) {
|
|
344
|
+
var gxba =document.getElementById('gxba')
|
|
345
|
+
var gaba =document.getElementById('gaba')
|
|
346
|
+
var gabaLink =document.getElementById('gaba-link')
|
|
347
|
+
gxba.innerText ='京ICP备20007647号-1'
|
|
348
|
+
gaba.innerText ='京公网安备 11010802031254号'
|
|
349
|
+
gabaLink.setAttribute('href','http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11010802031254')
|
|
350
|
+
}
|
|
351
|
+
})()</script></div><div class="flex-block justify-center align-center flex-wrap"><a rel="nofollow" target="_blank" href="https://v6.51.la/s/Guz3lwHCsVme9Cu"><div class="busuanzi_container" id="busuanzi_container"><span class="busuanzi_container_site_pv" id="busuanzi_container_site_pv">访问量:<span id="busuanzi_value_site_pv"><i class="fa fa-spinner"></i></span></span><span class="busuanzi_container_site_uv" id="busuanzi_container_site_uv">访客数:<span id="busuanzi_value_site_uv"><i class="fa fa-spinner"></i></span></span><span style="padding-right: 10px;"></span></div></a><a rel="nofollow" target="_blank" href="https://www.upyun.com/?utm_source=lianmeng&utm_medium=referral"><span style="font-weight:bold;letter-spacing: 1px;">本网站由 </span><img class="nofancybox" height="32" style="vertical-align: middle" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/upy_logo.min.svg" alt=""/><span style="font-weight:bold;letter-spacing: 1px;">提供CDN加速/云存储服务</span></a><span style="padding-right: 10px;"></span><a rel="nofollow" style="font-size:18px;font-weight:bold;vertical-align: middle" target="_blank" title="注册就送代金券可直接使用" href="https://console.upyun.com/register/?invite=HyDsjZHIL">注册</a></div></div></div></div><a class="show" id="rocket" href="#top"></a><div class="darkmode-toggle">🌓</div><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/totop.min.js" async></script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/dark.min.js" async></script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/codeblock-resizer.min.js"></script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/smartresize.min.js"></script></div></body></html>
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
<!DOCTYPE html><html lang="zh-CN" data-dark><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport"><meta content="yes" name="apple-mobile-web-app-capable"><meta content="black-translucent" name="apple-mobile-web-app-status-bar-style"><meta content="telephone=no" name="format-detection"><meta name="description" content="前端壹菜鸟,记录工作难题,关注前端知识,收集精彩博文,做技术的搬运工"><meta name="msvalidate.01" content="0FE4D8B3381D3D87088996B886E1E2BD"><title>重磅!微信官方推出 Web 前端和小程序统一框架 | 前端壹菜鸟</title><link rel="stylesheet" type="text/css" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/css/style.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/normalize.css@latest/normalize.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/purecss@latest/build/pure-min.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/purecss@latest/build/grids-responsive-min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css"><link rel="icon" mask="" sizes="any" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.ico"><link rel="Shortcut Icon" type="image/x-icon" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.ico"><link rel="apple-touch-icon" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.png"><link rel="apple-touch-icon-precomposed" href="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/blog.png"><link rel="alternate" type="application/atom+xml" href="/atom.xml"><script type="text/javascript" src="//cdn.jsdelivr.net/npm/jquery@latest/dist/jquery.min.js"></script><script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8385136408348258"></script><script src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" async></script><script>(function(){
|
|
2
|
+
var bp = document.createElement('script');
|
|
3
|
+
var curProtocol = window.location.protocol.split(':')[0];
|
|
4
|
+
if (curProtocol === 'https'){
|
|
5
|
+
bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
|
|
6
|
+
}
|
|
7
|
+
else{
|
|
8
|
+
bp.src = 'http://push.zhanzhang.baidu.com/push.js';
|
|
9
|
+
}
|
|
10
|
+
var s = document.getElementsByTagName("script")[0];
|
|
11
|
+
s.parentNode.insertBefore(bp, s);
|
|
12
|
+
})();
|
|
13
|
+
</script><script>(function(){
|
|
14
|
+
var src = 'https://jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba';
|
|
15
|
+
document.write('<script src="' + src + '" id="sozz"><\/script>');
|
|
16
|
+
})();
|
|
17
|
+
</script><script>var _hmt=_hmt||[];(function(){var hm=document.createElement("script");hm.src='https://hm.baidu.com/hm.js?011f0b44e8452bfa57fbfa23c5fe7683';var s=document.getElementsByTagName("script")[0];s.parentNode.insertBefore(hm, s);})();
|
|
18
|
+
</script><script async src="https://www.googletagmanager.com/gtag/js?id=UA-150860401-1"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);};gtag('js',new Date());gtag('config','UA-150860401-1');
|
|
19
|
+
</script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/fixedPage.min.js"></script><meta name="generator" content="Hexo 6.3.0"></head><body><div class="body_container"><div id="header"><div class="site-name"><a id="logo" href="/.">前端壹菜鸟</a><p class="description">关注前端知识,收集精彩博文,做技术的搬运工</p></div><div id="nav-menu"><a class="current" href="/." target="_self"><i class="fa fa-home"> 首页</i></a><a href="/archives/" target="_self"><i class="fa fa-archive"> 归档</i></a><a href="/guestbook/" target="_self"><i class="fa fa-comments"> 留言</i></a><a href="/about/" target="_self"><i class="fa fa-user"> 关于</i></a><a href="https://laonongmin.online/" target="_target"><i class="fa fa-group"> 看看</i></a><a href="https://love.xuehuayu.cn/" target="_target"><i class="fa fa-heart"> LOVE</i></a></div></div><div class="pure-g" id="layout"><div class="pure-u-1 pure-u-md-3-4"><div class="content_container"><div class="post"><h1 class="post-title c-post">重磅!微信官方推出 Web 前端和小程序统一框架</h1><div class="post-meta"><span class="date">2020-02-28</span><span> | </span><span class="tag"><a href="/tags/%E8%BD%AC%E8%BD%BD/">转载 </a></span><span> | </span><span class="category"><a href="/categories/%E8%B5%84%E8%AE%AF/">资讯 </a></span><span id="busuanzi_container_page_pv"> | <span id="busuanzi_value_page_pv"><i class="fa fa-spinner"></i></span><span> 阅读</span></span><span class="post-time"><span class="post-meta-item-text"> | </span><span class="post-meta-item-icon"><i class="fa fa-keyboard-o"></i><span class="post-count"> 586</span><span class="post-meta-item-text"> 字</span></span></span><span class="post-time"> | <span class="post-meta-item-icon"><i class="fa fa-hourglass-half"></i><span class="post-count"> 2</span><span class="post-meta-item-text"> 分钟</span></span></span></div><a class="disqus-comment-count" href="/article/37351.html#vcomment"><span class="waline-comment-count" data-path="/article/37351.html"></span><span> 条评论</span></a><div class="post-content"><p><code>原文:https://mp.weixin.qq.com/s/ySxc3OK0E28dOAxry0796w</code><br>**最近微信官方重磅推出了一个统一 Web 前端和小程序的框架 —— Kbone **。<br>微信小程序的底层模型和 Web 端不同,开发者无法直接把 Web 端的代码挪到小程序环境内执行。<br>Kbone 的诞生就是为了解决这个问题,它实现了一个适配器,在适配层里模拟出了浏览器环境,让 Web 端的代码可以不做什么改动,便可运行在小程序里。</p>
|
|
20
|
+
<span id="more"></span>
|
|
21
|
+
<p><strong>Kbone 有哪些优势?</strong></p>
|
|
22
|
+
<p>因为 kbone 是通过提供适配器的方式来实现同构,所以它的优势很明显:</p>
|
|
23
|
+
<ul>
|
|
24
|
+
<li><p>大部分流行的前端框架都能够在 kbone 上运行,比如 Vue、React、Preact 等。</p>
|
|
25
|
+
</li>
|
|
26
|
+
<li><p>支持更为完整的前端框架特性,因为 kbone 不会对框架底层进行删改(比如 Vue 中的 v-html 指令、Vue-router 插件)。</p>
|
|
27
|
+
</li>
|
|
28
|
+
<li><p>提供了常用的 dom/bom 接口,让用户代码无需做太大改动便可从 Web 端迁移到小程序端。</p>
|
|
29
|
+
</li>
|
|
30
|
+
<li><p>在小程序端运行时,仍然可以使用小程序本身的特性(比如像 live-player 内置组件、分包功能)。</p>
|
|
31
|
+
</li>
|
|
32
|
+
<li><p>提供了一些 Dom 扩展接口,让一些无法完美兼容到小程序端的接口也有替代使用方案(比如 getComputedStyle 接口)。</p>
|
|
33
|
+
</li>
|
|
34
|
+
</ul>
|
|
35
|
+
<p><strong>如何选择?</strong></p>
|
|
36
|
+
<p>业内其实已经出现了很多关于同构的解决方案了,每个方案都有自己的优劣,不存在能够完美解决所有问题的方案。kbone 也一样,它的优势在上面提到过,而它的不足也是它的实现原理带来的。kbone 是使用一定的性能损耗,来换取更为全面的 Web 端特性支持。</p>
|
|
37
|
+
<p>所以关于性能方面,如果你对小程序的性能特别苛刻,建议直接使用原生小程序开发;如果你的页面节点数量特别多(通常在 1000 节点以上),同时还要保证在节点数无限上涨时仍然有稳定的渲染性能的话,可以尝试一下业内采用静态模板转译的方案;其他情况就可以直接采用 kbone 了。</p>
|
|
38
|
+
<p><strong>Kbone 的使用方法,参见官方文档链接:</strong></p>
|
|
39
|
+
<p><a target="_blank" rel="noopener" href="https://developers.weixin.qq.com/miniprogram/dev/extended/kbone/">https://developers.weixin.qq.com/miniprogram/dev/extended/kbone/</a></p>
|
|
40
|
+
</div><iframe src="/donate/?AliPayQR=https://store.xuehuayu.cn/store/public/alipay_qr.jpg&WeChatQR=https://store.xuehuayu.cn/store/public/wechat_qr.png&UnionPayQR=null&GitHub=null&BTCQR=null&BTCKEY=null&PayPal=https://www.paypal.com/paypalme/OrdinaryPerson" style="overflow-x:hidden; overflow-y:hidden; border:0xp none #fff; min-height:240px; width:100%;" frameborder="0" scrolling="no"></iframe><div><ul class="post-copyright"><li class="post-copyright-author"><strong>本文作者:</strong>雪花雨</li><li class="post-copyright-link"><strong>本文链接:</strong><a href="/article/37351.html">https://xuehuayu.cn/article/37351.html</a></li><li class="post-copyright-license"><strong>版权声明:</strong>① 标为原创的文章为博主原创,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接。② 转载文章来自网络,已标明出处,<a href="mailto:cainiaoblog@126.com">侵删</a>。</li></ul></div><br><div class="tags"><a href="/tags/%E8%BD%AC%E8%BD%BD/">转载</a></div><div class="post-nav"><a class="pre" href="/article/32732.html">2020年1月Github上最热门的JavaScript开源项目</a><a class="next" href="/article/36037.html">大话 JS 单线程与异步</a></div><div id="vcomment"></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@waline/client@v2/dist/waline.min.css"><script src="//cdn.jsdelivr.net/npm/@waline/client@v2/dist/waline.js"></script><script>const origin = window.location.origin
|
|
41
|
+
const serverURL = origin.includes('cainiaoblog') ? 'https://cmts.cainiaoblog.cn' : 'https://cmts.xuehuayu.cn'
|
|
42
|
+
const locale = {
|
|
43
|
+
placeholder: '请正确填写昵称和邮箱,方便接收回复通知~',
|
|
44
|
+
sofa: '沙发空缺中,还不快抢~',
|
|
45
|
+
};
|
|
46
|
+
Waline.init({
|
|
47
|
+
el: '#vcomment',
|
|
48
|
+
serverURL: serverURL,
|
|
49
|
+
pageSize: '20',
|
|
50
|
+
visitor: true, // 阅读量统计
|
|
51
|
+
requiredMeta: ['nick', 'mail'],
|
|
52
|
+
emoji: [
|
|
53
|
+
'https://cdn.jsdelivr.net/gh/walinejs/emojis@1.0.0/weibo',
|
|
54
|
+
'https://cdn.jsdelivr.net/gh/walinejs/emojis@1.0.0/qq',
|
|
55
|
+
'https://cdn.jsdelivr.net/gh/walinejs/emojis@1.0.0/tw-emoji',
|
|
56
|
+
],
|
|
57
|
+
locale,
|
|
58
|
+
pageview: true
|
|
59
|
+
})
|
|
60
|
+
</script></div></div></div><div class="pure-u-1 pure-u-md-1-4 fixed-search hidden_mid_and_down"><div id="sidebar"><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/search.min.js"></script><div class="widget"><div class="widget-search"><input class="search" type="radio" name="search" value="baidu" id="baidu" checked="checked"/><label class="label" for="baidu" title="百度全站搜索">百度</label><input class="search" type="radio" name="search" value="google" id="google"/><label class="label" for="google" title="谷歌全站搜索">谷歌</label><input class="search" type="radio" name="search" value="self" id="self"/><label class="label" for="self" title="使用站内搜索">站内</label></div><div class="widget" id="search"><form class="search-form" action="//www.baidu.com/baidu" method="get" accept-charset="utf-8" target="_blank"><input type="search" name="word" maxlength="30" placeholder="百度全站搜索"/><input type="hidden" name="si" value="xuehuayu.cn"/><input type="hidden" name="cl" value="3"/><input type="hidden" name="ct" value="2097152"/><input type="hidden" name="s" value="on"/><input class="search-submit" type="submit" value=""/></form></div></div><script>$('input[type=radio][name=search]').change(function() {
|
|
61
|
+
var val = $(this).val()
|
|
62
|
+
var self = '<div class="search-form"><input id="local-search-input" placeholder="站内搜索,首次慢" type="search" name="q" results="0"><input class="search-submit" type="submit" value=""/><div id="local-search-result"></div></div>'
|
|
63
|
+
var google = '<form class="search-form" action="//www.google.com/search" method="get" accept-charset="utf-8" target="_blank"><input type="search" name="q" maxlength="30" placeholder="谷歌全站搜索"><input type="hidden" name="sitesearch" value="xuehuayu.cn"><input class="search-submit" type="submit" value=""/></form>'
|
|
64
|
+
var baidu = '<form class="search-form" action="//www.baidu.com/baidu" method="get" accept-charset="utf-8" target="_blank"><input type="search" name="word" maxlength="30" placeholder="百度全站搜索"><input type="hidden" name="si" value="xuehuayu.cn"><input type="hidden" name="cl" value="3"><input type="hidden" name="ct" value="2097152"><input type="hidden" name="s" value="on"><input class="search-submit" type="submit" value=""/></form>'
|
|
65
|
+
|
|
66
|
+
if (val === 'self') {
|
|
67
|
+
$('#search').html(self)
|
|
68
|
+
var search_path = 'search.xml';
|
|
69
|
+
if (search_path.length == 0) {
|
|
70
|
+
search_path = 'search.xml';
|
|
71
|
+
}
|
|
72
|
+
var path = 'https://cdn.staticaly.com/gh/npljy/npljy.github.io/main/' + search_path;
|
|
73
|
+
searchFunc(path, 'local-search-input', 'local-search-result');
|
|
74
|
+
} else if (val === 'baidu') {
|
|
75
|
+
$('#search').html(baidu)
|
|
76
|
+
} else if (val === 'google') {
|
|
77
|
+
$('#search').html(google)
|
|
78
|
+
}
|
|
79
|
+
})</script><div class="widget widget-wxmp"><img alt="微信公众号" width="100%" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/mp-mini.jpg"/></div><div class="widget widget-categories"><div class="widget-title"><i class="fa fa-folder-o"> 分类</i></div><ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/CDN/">CDN</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/IDE/">IDE</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/git/">git</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/hexo/">hexo</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%85%AC%E5%85%B1%E8%8A%82%E6%97%A5/">公共节日</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%88%86%E4%BA%AB/">分享</a><span class="category-list-count">29</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%89%8D%E7%AB%AF/">前端</a><span class="category-list-count">191</span><ul class="category-list-child"><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%89%8D%E7%AB%AF/%E6%B5%8F%E8%A7%88%E5%99%A8/">浏览器</a><span class="category-list-count">1</span><ul class="category-list-child"><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%89%8D%E7%AB%AF/%E6%B5%8F%E8%A7%88%E5%99%A8/%E7%BD%91%E7%BB%9C%E5%8D%8F%E8%AE%AE/">网络协议</a><span class="category-list-count">1</span></li></ul></li></ul></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%8D%9A%E5%AE%A2/">博客</a><span class="category-list-count">3</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%B7%A5%E5%85%B7/">工具</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%B9%BF%E5%91%8A%E8%BF%87%E6%BB%A4/">广告过滤</a><span class="category-list-count">8</span><ul class="category-list-child"><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%B9%BF%E5%91%8A%E8%BF%87%E6%BB%A4/%E8%A7%86%E9%A2%91%E7%94%B5%E8%A7%86%E5%B0%8F%E8%AF%B4%E6%BC%AB%E7%94%BB%E8%B5%84%E8%AE%AF%E9%9F%B3%E4%B9%90/">视频电视小说漫画资讯音乐</a><span class="category-list-count">2</span></li></ul></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E6%AD%A3%E5%88%99/">正则</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E6%B5%8F%E8%A7%88%E5%99%A8/">浏览器</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E7%AE%97%E6%B3%95/">算法</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E8%B5%84%E8%AE%AF/">资讯</a><span class="category-list-count">16</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E8%BD%BB%E6%9D%BE%E4%B8%80%E5%88%BB/">轻松一刻</a><span class="category-list-count">1</span></li></ul></div><div class="widget widget-tags"><div class="widget-title"><i class="fa fa-star-o"> 标签</i></div><div class="tagcloud"><a href="/tags/%E5%8E%9F%E5%88%9B/" style="font-size: 15px;">原创</a> <a href="/tags/%E8%BD%AC%E8%BD%BD/" style="font-size: 15px;">转载</a> <a href="/tags/%E6%89%8B%E5%86%99/" style="font-size: 15px;">手写</a> <a href="/tags/%E7%96%AB%E6%83%85/" style="font-size: 15px;">疫情</a> <a href="/tags/%E5%A8%B1%E4%B9%90/" style="font-size: 15px;">娱乐</a></div></div><div class="widget widget-recent-posts"><div class="widget-title"><i class="fa fa-file-o"> 最近文章</i></div><ul class="post-list"><li class="post-list-item"><a class="post-list-link" href="/article/c5576490.html">面试准备</a></li><li class="post-list-item"><a class="post-list-link" href="/article/84c9ccd6.html">精读《SolidJS》</a></li><li class="post-list-item"><a class="post-list-link" href="/article/53803e6.html">git提交注释规范</a></li><li class="post-list-item"><a class="post-list-link" href="/article/a4145266.html">前端数组拍平flat一行代码</a></li><li class="post-list-item"><a class="post-list-link" href="/article/bedea419.html">一道前端this面试题</a></li><li class="post-list-item"><a class="post-list-link" href="/article/bf7e7421.html">git多账号配置</a></li></ul></div><div class="widget widget-links"><div class="widget-title"><i class="fa fa-external-link"> 友情链接</i></div><ul></ul><a href="https://github.com/npljy?utm_source=xuehuayu.cn" title="GitHub" target="_blank">GitHub</a><ul></ul><a href="https://laonongmin.online?utm_source=xuehuayu.cn" title="看看" target="_blank">看看</a><ul></ul><a href="https://cainiaoblog.cn?utm_source=xuehuayu.cn" title="菜鸟博客" target="_blank">菜鸟博客</a><ul></ul><a href="mailto:cainiaoblog@126.com" title="友链联系" target="_blank">友链联系</a></div></div></div><div class="pure-u-1 pure-u-md-3-4"><div id="footer"><div class="flex-block justify-center align-center flex-wrap"><a class="gxba-link" id="gxba" rel="nofollow" target="_blank" href="http://beian.miit.gov.cn/">京ICP备20007647号-2</a><a class="gaba-link" id="gaba-link" rel="nofollow" target="_blank" href="http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11010802031264"><img class="nofancybox" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/gaba.png" alt=""/><span id="gaba">京公网安备 11010802031264号</span><span style="padding-right: 10px;"></span></a><span>Copyright © 2023 </span><a href="/." rel="nofollow">前端壹菜鸟. </a><script>(function(){
|
|
80
|
+
var cnb =window.location.origin.indexOf('cainiaoblog') !==-1
|
|
81
|
+
if (cnb) {
|
|
82
|
+
var gxba =document.getElementById('gxba')
|
|
83
|
+
var gaba =document.getElementById('gaba')
|
|
84
|
+
var gabaLink =document.getElementById('gaba-link')
|
|
85
|
+
gxba.innerText ='京ICP备20007647号-1'
|
|
86
|
+
gaba.innerText ='京公网安备 11010802031254号'
|
|
87
|
+
gabaLink.setAttribute('href','http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11010802031254')
|
|
88
|
+
}
|
|
89
|
+
})()</script></div><div class="flex-block justify-center align-center flex-wrap"><a rel="nofollow" target="_blank" href="https://v6.51.la/s/Guz3lwHCsVme9Cu"><div class="busuanzi_container" id="busuanzi_container"><span class="busuanzi_container_site_pv" id="busuanzi_container_site_pv">访问量:<span id="busuanzi_value_site_pv"><i class="fa fa-spinner"></i></span></span><span class="busuanzi_container_site_uv" id="busuanzi_container_site_uv">访客数:<span id="busuanzi_value_site_uv"><i class="fa fa-spinner"></i></span></span><span style="padding-right: 10px;"></span></div></a><a rel="nofollow" target="_blank" href="https://www.upyun.com/?utm_source=lianmeng&utm_medium=referral"><span style="font-weight:bold;letter-spacing: 1px;">本网站由 </span><img class="nofancybox" height="32" style="vertical-align: middle" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/img/upy_logo.min.svg" alt=""/><span style="font-weight:bold;letter-spacing: 1px;">提供CDN加速/云存储服务</span></a><span style="padding-right: 10px;"></span><a rel="nofollow" style="font-size:18px;font-weight:bold;vertical-align: middle" target="_blank" title="注册就送代金券可直接使用" href="https://console.upyun.com/register/?invite=HyDsjZHIL">注册</a></div></div></div></div><a class="show" id="rocket" href="#top"></a><div class="darkmode-toggle">🌓</div><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/totop.min.js" async></script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/dark.min.js" async></script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/codeblock-resizer.min.js"></script><script type="text/javascript" src="//cdn.staticaly.com/gh/npljy/npljy.github.io/main/js/smartresize.min.js"></script></div></body></html>
|