Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
.Veneno.
wechaty
提交
95100374
W
wechaty
项目概览
.Veneno.
/
wechaty
与 Fork 源项目一致
Fork自
wechaty / wechaty
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
W
wechaty
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
95100374
编写于
9月 17, 2017
作者:
Huan (李卓桓)
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
remove deprecated /doc/ directory
上级
9d6d73f9
变更
3
展开全部
隐藏空白更改
内联
并排
Showing
3 changed file
with
0 addition
and
8876 deletion
+0
-8876
doc/README.md
doc/README.md
+0
-17
doc/stats.js
doc/stats.js
+0
-275
doc/webwxapp.js
doc/webwxapp.js
+0
-8584
未找到文件。
doc/README.md
已删除
100644 → 0
浏览文件 @
9d6d73f9
# DEPRECATED
Please do not use this directory for document any more.
## Where should you go
We have repository for monitoring the Web Wechat source code at here:
<https://github.com/Chatie/webwx-app-tracker>
Please check the latest version of
`webwxApp.js`
at here:
<https://github.com/Chatie/webwx-app-tracker/blob/master/formatted/webwxApp.js>
And if you want to reference any code in
`webwxApp.js`
, please do not forget to use a specific commit hash, like this:
<https://github.com/Chatie/webwx-app-tracker/blob/7c59d35c6ea0cff38426a4c5c912a086c4c512b2/formatted/webwxApp.js>
Thanks!
Huan
doc/stats.js
已删除
100755 → 0
浏览文件 @
9d6d73f9
function
AQ_SECAPI_ESCAPE
(
Url
,
map
)
{
var
tmpArr
=
new
Array
;
for
(
var
m
=
0
;
m
<
Url
.
length
;
m
++
)
{
if
(
Url
.
charAt
(
m
)
==
'
&
'
)
{
var
keyLen
=
[
3
,
4
,
5
,
9
];
var
matchFlag
=
0
;
for
(
var
n
in
keyLen
)
{
var
l
=
keyLen
[
n
];
if
(
m
+
l
<=
Url
.
length
)
{
var
subLow
=
Url
.
substr
(
m
,
l
).
toLowerCase
();
if
(
map
[
subLow
])
{
tmpArr
.
push
(
map
[
subLow
]);
m
=
m
+
l
-
1
;
matchFlag
=
1
;
break
;
}
}
}
if
(
matchFlag
==
0
)
{
tmpArr
.
push
(
Url
.
charAt
(
m
));
}
}
else
{
tmpArr
.
push
(
Url
.
charAt
(
m
));
}
}
return
tmpArr
.
join
(
""
);
}
function
AQ_SECAPI_CheckXss
()
{
var
map
=
new
Object
();
var
escapeChars
=
"
'
\"
<>`script:daex/hml;bs64,
"
;
for
(
var
i
=
0
;
i
<
escapeChars
.
length
;
i
++
)
{
var
cha
=
escapeChars
.
charAt
(
i
);
var
dec
=
cha
.
charCodeAt
();
var
dec7
=
dec
;
var
hex
=
dec
.
toString
(
16
);
for
(
var
j
=
0
;
j
<
(
7
-
dec
.
toString
().
length
);
j
++
)
{
dec7
=
"
0
"
+
dec7
;
}
map
[
"
&#
"
+
dec
+
"
;
"
]
=
cha
;
map
[
"
&#
"
+
dec7
]
=
cha
;
map
[
"
&#x
"
+
hex
]
=
cha
;
}
map
[
"
<
"
]
=
"
<
"
;
map
[
"
>
"
]
=
"
>
"
;
map
[
"
"
"
]
=
"
\"
"
;
var
Url
=
location
.
href
;
var
Refer
=
document
.
referrer
;
Url
=
decodeURIComponent
(
AQ_SECAPI_ESCAPE
(
Url
,
map
));
Refer
=
decodeURIComponent
(
AQ_SECAPI_ESCAPE
(
Refer
,
map
));
var
XssPattern
=
new
RegExp
(
"
['
\"
<>`]|script:|data:text/html;base64,
"
);
if
(
XssPattern
.
test
(
Url
)
||
XssPattern
.
test
(
Refer
))
{
var
version
=
'
1.5
'
,
cgi
=
'
http://zyjc.sec.qq.com/dom
'
,
img
=
new
Image
();
img
.
src
=
cgi
+
"
?v=
"
+
version
+
"
&u=
"
+
encodeURIComponent
(
Url
)
+
"
&r=
"
+
encodeURIComponent
(
Refer
);
Url
=
Url
.
replace
(
/
[
'
\"
<>`
]
|script:/gi
,
'
M
'
);
Url
=
Url
.
replace
(
/data:text
\/
html;base64,/gi
,
'
data:text/plain;base64,
'
);
location
.
href
=
encodeURI
(
Url
);
}
}
AQ_SECAPI_CheckXss
();
(
function
(
_wnd
,
_doc
,
_ln
)
{
function
checkNonTxDomain
(
level
,
bid
,
pagetype
)
{
var
checkInfo
=
{
bid
:
bid
,
childUrl
:
""
,
parentUrl
:
""
},
childCheckFlag
,
parentCheckFlag
;
try
{
checkInfo
.
childUrl
=
_ln
.
href
;
}
catch
(
ign
)
{}
try
{
checkInfo
.
parentUrl
=
parent
.
location
.
href
;
}
catch
(
ign
)
{}
if
(
Math
.
random
()
>
level
)
{
return
;
}
if
(
pagetype
==
1
)
{
try
{
parentCheckFlag
=
(
parent
!=
_wnd
)
?
generateNonTxDomainFromDom
(
parent
.
document
,
'
datapp
'
,
checkInfo
)
:
false
;
}
catch
(
ign
)
{}
}
else
{
try
{
childCheckFlag
=
generateNonTxDomainFromDom
(
_doc
,
'
datapt
'
,
checkInfo
);
parentCheckFlag
=
(
parent
!=
_wnd
)
?
generateNonTxDomainFromDom
(
parent
.
document
,
'
datapp
'
,
checkInfo
)
:
false
;
}
catch
(
ign
)
{}
try
{
if
(
parent
!=
_wnd
)
{
generateZyjIframed
(
checkInfo
);
}
}
catch
(
ign
)
{}
}
}
function
generateZyjIframed
(
checkInfo
)
{
var
data
=
[];
data
.
push
(
"
beframed::url
"
);
packZyjUrlData
(
data
,
'
beframed
'
,
checkInfo
);
}
function
packZyjUrlData
(
data
,
dataMark
,
checkInfo
)
{
var
version
=
'
1.4
'
,
cgi
=
'
http://zyjc.sec.qq.com/cr
'
,
img
=
new
Image
();
data
.
push
(
"
childUrl::
"
+
encodeURIComponent
(
checkInfo
.
childUrl
));
data
.
push
(
"
parentUrl::
"
+
encodeURIComponent
(
checkInfo
.
parentUrl
));
img
.
src
=
cgi
+
"
?id=
"
+
checkInfo
.
bid
+
"
&d=
"
+
dataMark
+
"
=v
"
+
version
+
"
|
"
+
data
.
join
(
'
|
'
);
return
true
;
}
function
generateNonTxDomainFromDom
(
dom
,
parentMark
,
checkInfo
)
{
var
scriptData
=
extractNonTxScriptWorm
(
dom
);
var
iframeData
=
extractNonTxIframe
(
dom
);
var
frameData
=
extractNonTxFrame
(
dom
);
var
embedData
=
extractNonTxEmbed
(
dom
);
var
imgData
=
extractNonTxIMG
(
dom
);
var
hacks
=
scriptData
.
concat
(
iframeData
,
frameData
,
imgData
,
embedData
);
if
(
hacks
.
length
<=
0
)
{
return
false
;
}
hacks
=
distinctZyjArray
(
hacks
);
packZyjUrlData
(
hacks
,
parentMark
,
checkInfo
);
}
function
extractNonTxScriptWorm
(
dom
)
{
var
scripts
=
dom
.
getElementsByTagName
(
"
script
"
),
scriptData
=
[],
tempScript
,
urlList
,
url
,
nonTxList
,
mapFunc
,
resultList
;
for
(
var
i
=
0
;
i
<
scripts
.
length
;
i
++
)
{
tempScript
=
scripts
[
i
];
if
(
url
=
tempScript
.
src
)
{
scriptData
.
push
(
url
);
}
}
nonTxList
=
grepZyjList
(
scriptData
,
isAntiTxDomain
);
mapFunc
=
addTagToZyjUrlCallback
(
'
script
'
);
resultList
=
mapZyjList
(
nonTxList
,
mapFunc
);
return
resultList
;
}
function
extractNonTxScript
(
dom
)
{
var
scripts
=
dom
.
getElementsByTagName
(
"
script
"
),
scriptData
=
[],
tempScript
,
urlList
,
url
,
nonTxList
,
mapFunc
,
resultList
;
for
(
var
i
=
0
;
i
<
scripts
.
length
;
i
++
)
{
tempScript
=
scripts
[
i
];
urlList
=
extractZyjUrlFromHtml
(
tempScript
.
innerHTML
);
scriptData
=
scriptData
.
concat
(
urlList
);
if
(
url
=
tempScript
.
src
)
{
scriptData
.
push
(
url
);
}
}
nonTxList
=
grepZyjList
(
scriptData
,
isAntiTxDomain
);
mapFunc
=
addTagToZyjUrlCallback
(
'
script_worm
'
);
resultList
=
mapZyjList
(
nonTxList
,
mapFunc
);
return
resultList
;
}
function
extractZyjUrlFromHtml
(
html
)
{
var
regUrl
=
/
\b
https
?
:
\/\/[^\"\'\s]
+/ig
,
urlList
=
[];
while
(
url
=
regUrl
.
exec
(
html
))
{
urlList
.
push
(
url
);
}
return
urlList
;
}
function
grepZyjList
(
testList
,
testFunction
)
{
var
grepList
=
[];
for
(
var
idx
=
0
;
idx
<
testList
.
length
;
++
idx
)
{
var
temp
=
testList
[
idx
];
if
(
testFunction
(
temp
))
{
grepList
.
push
(
temp
);
}
}
return
grepList
;
}
function
isAntiTxDomain
(
sUrl
)
{
var
sDomain
=
extractZyjDomain
(
sUrl
),
regErrDom
,
regTxCom
,
regTxCn
,
regTxNet
,
regTxOther
;
if
(
!
sDomain
)
{
return
false
;
}
regErrDom
=
/^xui.ptlogin2
?\.?
$/i
;
regTxCom
=
/
(\.
|^
)(
qq|paipai|soso|wenwen|tenpay|macromedia|gtimg|qstatic|qqmail|paipaiimg|qqgames|pengyou|foxmail|qzoneapp|qzone|qplus|imqq|tqapp|tencent|3366|21mmo|taotao|imrworldwide|idqqimg|17roco|expo2010china|fangqq|tencentmind|tencity|yingkebicheng|zhangzhongxing|expovol|otaworld|gzyunxun|heyyo|himoral|himorale|myrtx|qqwinner|redian|sjkx|rtxonline|nbaso|paipai
\.
500wan|qqjapan|qq
\.
salewell|sogou|weiyun|flzhan
)\.
com$/i
;
regTxCn
=
/
(\.
|^
)(
qq
\.
com|gtimg|gtimg
\.
com|qlogo|foxmail
\.
com|gtimg
\.
com|url|qpic|tencent
\.
com|expo2010|expo|himorale
\.
com|nbaso
\.
com|qqtest
\.
com|qq
\.
ucar|rtx
\.
com|soso
\.
com|tcimage
)\.
cn$/i
;
regTxNet
=
/
(\.
|^
)(
5999|gongyi
)\.
net$/i
;
regTxOther
=
/
(\.
|^
)(
himorale
\.
com
\.
hk|tencent
\.
com
\.
hk|qq
\.
chinacache
\.
net|qq
\.
com
\.
fastcdn
\.
com|qq
\.
com
\.
lxdns
\.
com|qq
\.
fastcdn
\.
com|soso
\.
com
\.
lxdns
\.
com|motu
\.
pagechoice
\.
net|ope
\.
tanx
\.
com|dap
\.
gentags
\.
net
)
$/i
;
if
(
regErrDom
.
test
(
sDomain
)
||
regTxCom
.
test
(
sDomain
)
||
regTxCn
.
test
(
sDomain
)
||
regTxNet
.
test
(
sDomain
)
||
regTxOther
.
test
(
sDomain
))
{
return
false
;
}
return
true
;
}
function
extractZyjDomain
(
sUrl
)
{
var
regDomain
=
/^https
?
:
\/\/([\w\-]
+
\.[\w\-
.
]
+
)
/i
,
m
=
regDomain
.
exec
(
sUrl
);
if
(
!
m
)
{
return
;
}
return
m
[
1
];
}
function
addTagToZyjUrlCallback
(
tag
)
{
return
function
(
url
)
{
return
tag
+
"
::
"
+
encodeURIComponent
(
url
);
}
;
}
function
mapZyjList
(
testList
,
testFunction
)
{
var
mapList
=
[],
temp
,
mapTemp
;
for
(
var
idx
=
0
;
idx
<
testList
.
length
;
++
idx
)
{
temp
=
testList
[
idx
];
mapTemp
=
testFunction
(
temp
);
mapList
.
push
(
mapTemp
);
}
return
mapList
;
}
function
extractNonTxIframe
(
dom
)
{
var
tagName
=
'
IFRAME
'
,
rawFunc
=
function
(
x
)
{
return
x
.
src
}
,
mapFunc
=
addTagToZyjUrlCallback
(
'
iframe
'
);
return
extractNonTxTagData
(
dom
,
tagName
,
rawFunc
,
isAntiTxDomain
,
mapFunc
);
}
function
extractNonTxEmbed
(
dom
)
{
var
tagName
=
'
EMBED
'
,
rawFunc
=
function
(
x
)
{
return
x
.
src
}
,
mapFunc
=
addTagToZyjUrlCallback
(
'
embed
'
);
return
extractNonTxTagData
(
dom
,
tagName
,
rawFunc
,
isAntiTxDomain
,
mapFunc
);
}
function
extractNonTxTagData
(
dom
,
tag
,
rawFunc
,
grepFunc
,
mapFunc
)
{
var
tags
=
dom
.
getElementsByTagName
(
tag
);
var
tagRaw
=
mapZyjList
(
tags
,
rawFunc
);
var
tagData
=
grepZyjList
(
tagRaw
,
grepFunc
);
var
tagResult
=
mapZyjList
(
tagData
,
mapFunc
);
return
tagResult
;
}
function
extractNonTxFrame
(
dom
)
{
var
tagName
=
'
FRAME
'
,
rawFunc
=
function
(
x
)
{
return
x
.
src
}
,
mapFunc
=
addTagToZyjUrlCallback
(
'
frame
'
);
return
extractNonTxTagData
(
dom
,
tagName
,
rawFunc
,
isAntiTxDomain
,
mapFunc
);
}
function
extractNonTxForm
(
dom
)
{
var
tagName
=
'
FORM
'
,
rawFunc
=
function
(
x
)
{
return
x
.
action
}
,
mapFunc
=
addTagToZyjUrlCallback
(
'
form
'
);
return
extractNonTxTagData
(
dom
,
tagName
,
rawFunc
,
isAntiTxDomain
,
mapFunc
);
}
function
extractNonTxIMG
(
dom
)
{
var
tagName
=
'
IMG
'
,
rawFunc
=
function
(
x
)
{
return
x
.
src
}
,
mapFunc
=
addTagToZyjUrlCallback
(
'
img
'
);
return
extractNonTxTagData
(
dom
,
tagName
,
rawFunc
,
isAntiTxDomain
,
mapFunc
);
}
function
distinctZyjArray
(
list
)
{
var
sortList
=
list
.
slice
(
0
)
,
derivedArray
=
[];
sortList
.
sort
();
derivedArray
.
push
(
sortList
[
0
]);
for
(
var
i
=
1
;
i
<
sortList
.
length
;
i
+=
1
)
{
if
(
sortList
[
i
]
!=
sortList
[
i
-
1
])
{
derivedArray
.
push
(
sortList
[
i
]);
}
}
return
derivedArray
;
}
_wnd
.
checkNonTxDomain
=
checkNonTxDomain
;
})(
window
,
document
,
location
);
try
{
setTimeout
(
function
()
{
checkNonTxDomain
(
0.1
,
100
,
1
);
},
0
);
}
catch
(
ign
)
{}
try
{
setTimeout
(
function
()
{
checkNonTxDomain
(
0.1
,
100
,
0
);
},
3000
);
}
catch
(
ign
)
{}
doc/webwxapp.js
已删除
100644 → 0
浏览文件 @
9d6d73f9
此差异已折叠。
点击以展开。
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录