And*_*tov 10 javascript jquery html-head bigcommerce
我在一个电子商务平台上,我可以编辑它<head>,但是一些注入头部的东西对用户来说是遥不可及的.因此,即使我们可以对其进行编辑<head>,也会出现无法触及的注射,因此通过传统方法无法移除.
PS:我可以在这些注入的JS脚本标记之前或之后放置脚本,这些脚本标记是与我的脚本一起生成和填充的.因此,如果我将脚本放在"标记注入行"之前,我的脚本将在注入标记之前运行.
问题是,这个平台开始将分析和垃圾邮件注入头部,基本上是在向客户提供信息并将其出售给第三方.所以我想禁用他们糟糕的脚本.
<script type="text/javascript" async="" src="/some.JS.file.min.js"></script>
<script type="text/javascript" async="" src="/another.JS.file.min.js"></script>
是否可以使用javascript或jquery编写一个脚本,在运行之前编辑标签? 我可以在注入标记之前插入此自定义脚本.我错了 - 不需要的<script>标签总是预先添加到第一个未评论的<script>标签,因此在运行之前没有javascript可以用来破解标签.
我发现这个不完整而且没有从这个SO问题回答.
当我运行完整的脚本并为我自己的网站输入正确的详细信息时,我会收到很多错误,很难知道从哪里开始,因为我不知道所有XHR的内容是什么或它做什么,以及一些错误是我以前从未见过的.
当我运行这部分时,我有点理解:
doc = document.implementation.createHTMLDocument(""+(document.title || ""));
scripts = doc.getElementsByTagName("script");
//Modify scripts as you please
[].forEach.call( scripts, function( script ) {
if(script.getAttribute("src") == "/some.JS.file.min.js"
|| script.getAttribute("src") == "/another.JS.file.min.js") {
script.removeAttribute("src");
}
});
他们的脚本是在我的脚本之后插入的.也就是说,我可以将脚本插入到<head>脚本标记之前或之后.我们现在正在寻找新的平台,但我仍然需要在此期间解决这个问题,因为我们需要几个月才能切换.我希望有一些我不知道的JavaScript可以在运行之前编辑HTML脚本标记,如果这个脚本在它们运行之前运行的话.
尼特的答案 window.bcanalytics = function () {};非常有效,并且通过破坏打破了大部分,window.bcanalytics.push但不知何故,其中一些仍然存在.
在这个块中:
<script type="text/javascript">
(function() {
window.bcanalytics || (window.bcanalytics = []), window.bcanalytics.methods = ["debug", "identify", "track",
"trackLink", "trackForm", "trackClick", "trackSubmit", "page", "pageview", "ab", "alias", "ready", "group",
"on", "once", "off", "initialize"], window.bcanalytics.factory = function(a) {
return function()
{
var b = Array.prototype.slice.call(arguments);
return b.unshift(a), window.bcanalytics.push(b),
window.bcanalytics
}
};
for (var i = 0; i < window.bcanalytics.methods.length; i++)
{
var method = window.bcanalytics.methods[i];
window.bcanalytics[method] = window.bcanalytics.factory(method)
}
window.bcanalytics.load = function() {
var a = document.createElement("script");
a.type = "text/javascript",
a.async = !0, a.src = "http://cdn5.bigcommerce.com/r-2b2d3f12176a8a1ca3cbd41bddc9621d2657d707/app/assets/js/vendor/bigcommerce/analytics.min.js";
var b = document.getElementsByTagName("script")[0];
// This line still runs and loads analytics.min.js
// This line still runs and loads analytics.min.js
// This line still runs and loads analytics.min.js
b.parentNode.insertBefore(a, b)
// ^^^ This line still runs and loads analytics.min.js
// This line still runs and loads analytics.min.js
// This line still runs and loads analytics.min.js
}, window.bcanalytics.SNIPPET_VERSION = "2.0.8", window.bcanalytics.load();
bcanalytics.initialize({"Fornax": {"host": "https:\/\/analytics.bigcommerce.com","cdn": "http:\/\/cdn5.bigcommerce.com\/r-2b2d3f12176a8a1ca3cbd41bddc9621d2657d707\/app\/assets\/js\/vendor\/bigcommerce\/fornax.min.js","defaultEventProperties": {"storeId": 729188,"experiments": {"shipping.eldorado.ng-shipment.recharge-postage": "on","shipping.eldorado.label_method": "on","cp2.lightsaber": "on","PMO-272.cp1_new_product_options": "on","cart.limit_number_of_unique_items": "control","cart.auto_remove_items_over_limit": "control","BIG-15465.limit_flash_messages": "control","BIG-15230.sunset_design_mode": "control","bigpay.checkout_authorizenet.live": "on","bigpay.checkout_authorizenet.live.employee.store": "control","bigpay.checkout_authorizenet.test": "on","bigpay.checkout_authorizenet.test.employee.store": "control","bigpay.checkout_stripe.live": "on","bigpay.checkout_stripe.live.employee.store": "control","bigpay.checkout_stripe.test": "on","bigpay.checkout_stripe.test.employee.store": "control","sessions.flexible_storage": "on","PMO-439.ng_payments.phase1": "control","PMO-515.ng_payments.phase2": "control","PROJECT-331.pos_manager": "control","PROJECT-453.enterprise_apps": "control","shopping.checkout.cart_to_paid": "legacy_ui","onboarding.initial_user_flow.autoprovision": "on","faceted_search.enabled": "off","faceted_search.displayed": "off","themes.previewer": "enabled"}},"defaultContext": {"source": "Bigcommerce Storefront"},"anonymousId": "24a35a36-7153-447e-b784-c3203670f644"}});
})();
</script>
window.bcanalytics.load 设法生存并加载analytics.min.js(根据网络选项卡),虽然我无法判断脚本是否运行或不运行.
另外,我已经发现这些讨厌的HTML行:
<script type="text/javascript" defer="" async="" src="http://tracker.boostable.com/boost.bigcommerce.js"></script>
<script type="text/javascript" async="" defer="" src="http://cdn5.bigcommerce.com/r-2b2d3f12176a8a1ca3cbd41bddc9621d2657d707/javascript/jirafe/beacon_api.js"></script>
<script type="text/javascript" async="" src="http://cdn5.bigcommerce.com/r-2b2d3f12176a8a1ca3cbd41bddc9621d2657d707/app/assets/js/vendor/bigcommerce/analytics.min.js"></script>
<script type="text/javascript" async="" src="http://www.google-analytics.com/plugins/ua/ecommerce.js"></script>
总是预先添加到第一个未注释的<script>开始标记,所以不幸的是,下面没有任何创造性破坏性的方法可以工作,因为我尝试在这些标记之前插入的任何脚本将自动找到在它之前附加的讨厌的不需要的行.
假设违规代码与您链接的问题类似,我只想尝试打破违规代码,使其无法执行.
从这里开始,答案依赖于另一个问题的代码,因为你没有提供任何代码.
违规代码依赖于分析,这在脚本开头的页面上得到了保证:
(function(){
window.analytics||(window.analytics=[]),window.analytics.methods=["debug","identify","track","trackLink","trackForm","trackClick","trackSubmit","page","pageview","ab","alias","ready","group","on","once","off","initialize"],window.analytics.factory=function(a){return function(){var b=Array.prototype.slice.call(arguments);return b.unshift(a),window.analytics.push(b),window.analytics}};for(var i=0;i<window.analytics.methods.length;i++){var method=window.analytics.methods[i];window.analytics[method]=window.analytics.factory(method)}window.analytics.load=function(){var a=document.createElement("script");a.type="text/javascript",a.async=!0,a.src="http://cdn2.bigcommerce.com/r6cb05f0157ab6c6a38c325c12cfb4eb064cc3d6f/app/assets/js/analytics.min.js";var b=document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)},window.analytics.SNIPPET_VERSION="2.0.8",window.analytics.load();
//The rest of the script
})();
要打破整个脚本并阻止它运行,您应该只分配window.analytics一个与使用的方法冲突的值.
因此,例如,您可以在简单地分配以下内容的违规脚本之前运行脚本:
window.analytics = function () {};
这会导致违规脚本因类型错误而失败.