How to create URL without A tag + A demonstration of the famed IE bug如何创建网址没有一个标记+示范著名的即错误
I want to demonstrate two things.我想证明两件事。 First a simple way to create hyperlink without using the standard A tag with HREF attribute.首先一个简单的方法来建立超连结,而不使用标准的标记href属性。 This works like a normal tag and looks the same.这个工程就像一个正常的标记,并期待相同。 Yet it uses CSS & javascript event handlers to achieve the same effect using a span tag.然而,它使用的CSS和JavaScript的事件处理程序,以达到相同的效果使用span标记。 This makes it potentially immune to crawling by robots.这使得它有可能幸免于抓取的机器人。
As a side effect I use this code to demonstrate the IE bug where you click on the link of a site.作为一个副作用,我使用此代码,以显示即臭虫你点击该链接的一个网站。 The site shows up properly in the browser window, yet it actually loads a different site.该网站显示正确,在浏览器窗口,但它其实是加载一个不同的网站。 As you will see from the demonstration that the status bar also displays properly the wrong site.正如您会看到从示威状态栏还显示,妥善错误的网站。 Without further ado here’s the example:没有进一步的ADO在这里的例子:
Microsoft? 微软? nope, we are better nope ,我们是更好的 
The code is:该代码是:
Microsoft? 微软? nope, we are better nope ,我们是更好的
Look at the status bar and the Address bar of the displayed page to understand the effect.看看状态栏和地址栏中显示的网页了解的效果。 If you are using Netscape/Mozilla or other browsers based on the codebase you will not be able to view the spoof.如果您使用的是Netscape / Mozilla或其他浏览器的基础上的CODEBASE您将无法以查看欺诈。 In fact you will see the actual URL in the address bar.事实上,您会看到实际的URL地址栏中。
However the hyperlink, status and the rest will work fine.不过,超连结,地位和其余的将工作的罚款。
Filed under提起下 Microsoft微软 , , Web网页 , , Windows在Windows | | 
| | 
RSS 2.0 2.0 | | 
Email this Article电子邮件此文章
You may also like to read您也可以想读 |
February 1st, 2004 at 6:13 am 2004年2月1日在上午06时13分
You know this also works for moz 1.5你知道,这也为工程1.5万盎司
February 2nd, 2004 at 3:40 am 2004年2月2日在上午03时40分
Doesn’t work for me (Safari 1.1, Mac OS X 10.3.2).没有工作的我(的Safari 1.1 ,在Mac OS X 10.3.2 ) 。
Angsuman> Thanks for the info.由Angsuman >感谢信息。 Can you please tell me if it doesn’t behave as an URL (like it doesn’t show underline and/or doesn’t display可以请你告诉我,如果它不表现,作为一个网址(如它不显示下划线和/或不显示 http://www.microsoft.com in status bar and/or doesn’t go to在状态栏和/或不会转到 http://www.taragana.com ) or it doesn’t show ) ,或者它不显示 http://www.microsoft.com in the address bar when clicked on the link and yet take you to在地址栏中,当点击该链接,但带你到 http://www.taragana.com? http://www.taragana.com ?
The later I expect to be working with only IE (displaying后来我期望能与只即(展示 http://www.microsoft.com in address bar while actually loading在地址栏中,而实际上装载 http://www.taragana.com ) as it exploits an IE specific bug. ) ,因为它利用一即特定的错误。
The only reason I can think of the former not working is if CSS is not supported or javascript is not enabled.唯一的原因我能想到的前没有工作的CSS是,如果不支持或JavaScript是没有启用。
Is either of them true in your browser settings?是不是他们真正的在您的浏览器设置?
March 17th, 2004 at 5:09 am 2004年3月17日在上午05时09分
what I got by following the link on IE 6.0 is an error page with the following url in the address bar我得到了以下的连结,即6.0是一个错误的网页以下网址在地址栏中 http://www.microsoft.com @www.taragana.com/ and both times I tried the link I got a virus infection warning by a virus called Exploit-URLSpoof.gen @ www.taragana.com/和两个时代的我曾尝试联系,我收到病毒感染警告由病毒所谓的利用- urlspoof.gen
How about that?又如何呢?
here is the virus info:这里是病毒信息:
“Virus Characteristics “病毒的特点
– Update Feb 02, 2004 – -更新2 004年2月2日-
Microsoft has released a patch for the vulnerability exploited by this threat. Microsoft发布了一个修补程序的脆弱性,利用这一威胁。 For more information visit:更多信息,请访问:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-004.asp http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/ms04-004.asp
http://support.microsoft.com/?id833786
This detection covers HTML documents (such as web pages and HTML formatted email messages) that contain malformed hyperlinks, which exploit an Internet Explorer vulnerability.这一检测包括HTML文件(如网页和HTML格式的电子邮件讯息)含有恶意的超文本链接,其中利用一个Internet Explorer的脆弱性。 Such exploits result in Internet Explorer displaying one location in the Address bar, but actually loading the content from a different site.这种利用的结果,在Internet Explorer中显示一个位置,在地址栏中,但实际上装载的内容,从不同的网站。 Such URL spoofing can result in attackers creating forged versions of legitimate sites in order to steal account information, personal information, etc.此类网址的欺骗可能会导致攻击者创造伪造版本的合法网站,在以窃取帐户信息,个人资料等。
Email spam is the most likely delivery method of such malicious hyperlinks, to lure users into updating account information.垃圾电子邮件是最有可能的交付方法,例如恶意超连结,以吸引用户到更新的帐户信息。
On January 10, 2004 a mass-spamming by someone phishing for Citibank account information.对2004年1月10日大规模发送垃圾邮件,有人仿冒网站为花旗银行的帐户信息。
Other phishing attempts have targetted eBay, eGold, Paypal, online banking sites, and porno sites.其他钓鱼式攻击的企图有针对性的易趣, egold ,贝宝,网上银行网站,色情网站。
Users should be leery of email messages asking users to click a hyperlink to update account information.用户应leery的电子邮件讯息,要求用户点击一个超链接,以更新的帐户信息。 It’s best to navigate to the site in question by typing the main web address into your web browser, and manually navigating to the account details page.它的最佳浏览到有问题的网站输入的主要网址到您网页浏览器,以及手动航行到帐户的详细资料页。
There are no obvious symptoms of this exploit.有没有明显的症状,此漏洞。 Files detected as Exploit-URLSpoof are benign themselves.文件检测为利用- urlspoof是良性的自己。 No system changes or damage occurs from accessing an Expliot-URLSpoof file.没有一个制度的改变或损害发生地存取一expliot - urlspoof档案。 However, following an exploited hyperlink within a detected file can result in users being tricked to divulge personal information, install malicious software, etc.”不过,经过一利用超连结在一个检测文件可能会导致用户被诱骗泄露个人资料,安装恶意软件等“
November 27th, 2004 at 1:00 pm 2004年11月27日在下午1点
Is this an IE bug?这是一即错误? This means that if I am gona use it on my pages, tomorow won’t work?这意味着,如果我gona使用它在我的网页, tomorow将不会工作? no ?没有?
November 27th, 2004 at 5:33 pm 2004年11月27日在下午5时33分
> Is this an IE bug? >这是一即错误? This means that if I am gona use it on my pages, tomorow won’t work?这意味着,如果我gona使用它在我的网页, tomorow将不会工作? no ?没有?
Yep, that’s it. yep ,就是这样。 You never know when it will work and when it won’t你永远不知道何时会工作时,它不会
March 11th, 2005 at 5:14 pm 2005年3月11日在下午5时14分
[...] page which open in multiple tabs Proper identification and warning for spoofed pages. [ … … ]页,其中公开在多个选项卡适当的身份证明和警告欺骗性的网页。 See a demonstration of the famed IE bug with Firefox for an example.看到一个示范,即著名的错误与Firefox的一个例子。 Watch out for Tabbed Interface In Fi [...]观赏为标签式界面,在Fi的[ … … ]
August 31st, 2006 at 5:09 am 2006年8月31日在上午05时09分
[...] [...] [ … … ] [ … … ]
October 25th, 2006 at 1:27 pm 2006年10月25日在下午1时27分
my name is daniel looper,im 20 5″11.im just a nice guy ready for a relationship.im an orphan,i was adopted when i was 4yrs by an african american missionary couples,they took me to africa.they discovered i was gay at the age of 18 and threw me out of the house,i live on my own now.i read engineering in school and im loking for a way to get out here and start a new life.i need some help from gays in america我的名字是丹尼尔活套,即时消息5月20日“ 11.im只是一个好人准备就绪,一relationship.im一个孤儿,我获得通过,当我4yrs由一个非洲美国传教士夫妇,他们带我到africa.they发现我是盖伊在18岁以下和投掷我赶出房子,我住在我自己的now.i读工程在学校和IM loking一种方式来摆脱在这里开始一个新的life.i需要一些帮助,同性恋在美国