\u5728\u8fdb\u884c\u5728\u7ebf\u8003\u8bd5\u65f6\uff0c\u9762\u5bf9\u6709\u9650\u7684\u65f6\u95f4\u538b\u529b\uff0c\u7cfb\u7edf\u7684\u524d\u7aef\u9650\u5236\uff08\u7981\u6b62 F12\u3001\u7981\u6b62\u590d\u5236\u3001\u7981\u6b62\u7c98\u8d34\u3001\u751a\u81f3\u9875\u9762\u6b7b\u9501\uff09\u4e25\u91cd\u963b\u788d\u4e86\u6b63\u5e38\u7684\u4f5c\u7b54\u6548\u7387\u3002\u901a\u8fc7\u5bf9\u8d85\u661f\u5b66\u4e60\u901a\u524d\u7aef\u5b89\u5168\u673a\u5236\u957f\u8fbe\u6570\u4e2a\u7248\u672c\u7684\u6df1\u5ea6\u9006\u5411\u5206\u6790\u4e0e\u5bf9\u6297\uff0c\u6211\u6784\u5efa\u4e86\u4e00\u6761\u4ece DOM \u7a81\u7834\u5230 JS \u539f\u578b\u94fe\u52ab\u6301\uff0c\u518d\u5230\u4e8b\u4ef6\u6355\u83b7\u5c42\u963b\u65ad\u7684\u5b8c\u6574\u653b\u9632\u94fe\u8def\uff0c\u5f7b\u5e95\u74e6\u89e3\u4e86\u5176\u524d\u7aef\u9632\u5fa1\u4f53\u7cfb\u3002<\/p>\n\n\n\n
\u70b9\u51fb F12 \u6253\u5f00\u5f00\u53d1\u8005\u5de5\u5177\u65f6\uff0c\u9875\u9762\u77ac\u95f4\u5361\u6b7b\uff0c\u89e6\u53d1\u4e86\u65e0\u9650 \u6700\u521d\uff0c\u6211\u4eec\u901a\u8fc7\u91cd\u5199\u5168\u5c40\u7684 \u8fd9\u79cd\u5199\u6cd5\u76f4\u63a5\u8c03\u7528\u4e86 JavaScript \u5e95\u5c42\u7684 \u8981\u5f7b\u5e95\u7c89\u788e\u8fd9\u79cd\u9003\u9038\uff0c\u6211\u4eec\u5fc5\u987b\u5c06\u9632\u7ebf\u4e0b\u6c89\uff0c\u76f4\u63a5\u52ab\u6301\u6240\u6709\u51fd\u6570\u7684\u201c\u7956\u5b97\u201d\u8282\u70b9\uff1a<\/p>\n\n\n\n \u8d77\u521d\uff0c\u6211\u4eec\u8ba4\u4e3a\u9898\u5e72\u65e0\u6cd5\u590d\u5236\u4ec5\u4ec5\u662f\u56e0\u4e3a \u5982\u679c\u6211\u4eec\u5728\u5192\u6ce1\u9636\u6bb5\u53bb\u89e3\u9664\u9650\u5236\uff0c\u5f80\u5f80\u4f1a\u88ab\u8d85\u661f\u5e95\u5c42\u7684\u6846\u67b6\u6b7b\u6b7b\u5361\u4f4f\u3002\u771f\u6b63\u7684\u6253\u51fb\u662f\u5b9e\u65bd\u201c\u4e8b\u4ef6\u6355\u83b7\u5c42\u963b\u65ad\uff08Event Capture Interception\uff09\u201d<\/strong>\u3002 \u914d\u5408\u5b9a\u65f6\u5668\u9ad8\u9891\u6e05\u9664\u884c\u5185\u5c5e\u6027\uff08\u5e94\u5bf9 Ajax \u52a8\u6001\u52a0\u8f7d\u7684\u9898\u76ee\uff09\uff0c\u590d\u5236\u4e0e\u53f3\u952e\u83dc\u5355\u88ab\u5b8c\u7f8e\u89e3\u9501\u3002<\/p>\n\n\n\n \u8fd9\u662f\u6574\u4e2a\u653b\u9632\u94fe\u8def\u4e2d\u6700\u6838\u5fc3\u7684\u4e00\u73af\u3002\u8d85\u661f\u901a\u8fc7\u5728 UEditor \u5b9e\u4f8b\u4e0a\u7ed1\u5b9a \u4f9d\u8d56 DOM \u52a0\u8f7d\u5b8c\u6bd5\u540e\u53bb\u6267\u884c \u6ce8\uff1a\u5728\u65e9\u671f\u7248\u672c\u4e2d\uff0c\u6211\u4eec\u66fe\u5c1d\u8bd5\u51bb\u7ed3\u5168\u5c40\u7684 \u5728\u5b9e\u6218\u4e2d\uff0c\u7531\u4e8e\u7f51\u7edc\u6ce2\u52a8\u6216\u811a\u672c\u51b2\u7a81\uff0c\u8d85\u661f\u9875\u9762\u6709\u65f6\u4f1a\u51fa\u73b0\u201c\u70b9\u51fb\u63d0\u4ea4\u6ca1\u53cd\u5e94\u201d\u3001\u201c\u4e00\u76f4\u663e\u793a\u6b63\u5728\u63d0\u4ea4\u201d\u6216\u201c\u88ab\u900f\u660e\u906e\u7f69\u5c42\u5361\u6b7b\u201d\u7684\u6b7b\u9501\u72b6\u6001\u3002<\/p>\n\n\n\n \u4e3a\u6b64\uff0c\u6211\u5f00\u53d1\u4e86\u4e00\u4e2a\u60ac\u6d6e\u7684\u201c\ud83c\udd98 \u89e3\u9664\u6b7b\u9501\u201d<\/strong>\u6a21\u5757\u3002\u5b83\u7cbe\u51c6\u6620\u5c04\u4e86\u8d85\u661f\u5e95\u5c42\u7684\u4e1a\u52a1\u9501\u53d8\u91cf\uff0c\u5e76\u80fd\u5f3a\u884c\u6062\u590d DOM \u4ea4\u4e92\u6743\u9650\uff1a<\/p>\n\n\n\n \u5728\u5b8c\u6210\u4e86\u539f\u578b\u94fe\u52ab\u6301\u4e4b\u540e\uff0c\u7406\u8bba\u4e0a\u6240\u6709 UEditor \u7684\u771f\u6b63\u8f93\u5165\u73af\u5883\uff0c\u5e76\u4e0d\u5728\u4e3b\u9875\u9762\uff0c\u800c\u662f\u5728\u4e00\u4e2a\u72ec\u7acb\u7684 iframe \u4e2d\u3002<\/strong><\/p>\n<\/blockquote>\n\n\n\n \u6b64\u524d\u6240\u6709\u7684\u9632\u5fa1\u7ed5\u8fc7\uff0c\u90fd\u662f\u57fa\u4e8e\u4e3b\u6587\u6863\uff08document\uff09\u5c42\u5b8c\u6210\u7684\uff1a<\/p>\n\n\n\n \u4f46\u6d4f\u89c8\u5668\u7684\u4e8b\u4ef6\u7cfb\u7edf\u5b58\u5728\u4e00\u4e2a\u5173\u952e\u7279\u6027\uff1a<\/p>\n\n\n\n iframe \u5185\u90e8\u62e5\u6709\u72ec\u7acb\u7684\u4e8b\u4ef6\u6d41\u7cfb\u7edf<\/strong><\/p>\n<\/blockquote>\n\n\n\n \u4e5f\u5c31\u662f\u8bf4\uff1a<\/p>\n\n\n\n \u8fd9\u5c31\u5bfc\u81f4\uff1a<\/p>\n\n\n\n \u8fd9\u4e5f\u662f\u4e3a\u4ec0\u4e48\u5728 V6.3 \u9636\u6bb5\uff0c\u201c\u7406\u8bba\u6210\u529f\u4f46\u5b9e\u9645\u5931\u8d25\u201d\u7684\u6838\u5fc3\u539f\u56e0\u3002<\/p>\n\n\n\n \u65e2\u7136\u95ee\u9898\u51fa\u5728 iframe \u5185\u90e8\uff0c\u90a3\u4e48\u89e3\u51b3\u65b9\u6848\u4e5f\u5f88\u76f4\u63a5\uff1a<\/p>\n\n\n\n \u8fdb\u5165 iframe \u5185\u90e8\uff0c\u63a5\u7ba1\u5b83\u7684 paste \u4e8b\u4ef6<\/strong><\/p>\n<\/blockquote>\n\n\n\n \u6838\u5fc3\u601d\u8def\u662f\uff1a<\/p>\n\n\n\n \u5b9e\u73b0\u4ee3\u7801\u5982\u4e0b\uff1a<\/p>\n\n\n\n \u7531\u4e8e\u9898\u76ee\u662f\u901a\u8fc7 Ajax \u52a8\u6001\u52a0\u8f7d\u7684\uff0ciframe \u4e5f\u4f1a\u4e0d\u65ad\u751f\u6210\uff0c\u56e0\u6b64\u5fc5\u987b\u91c7\u7528\u201c\u6301\u7eed\u63a5\u7ba1\u7b56\u7565\u201d\uff1a<\/p>\n\n\n\n \u8fd9\u4e00\u673a\u5236\u786e\u4fdd\uff1a<\/p>\n\n\n\n \u5168\u90e8\u81ea\u52a8\u7eb3\u5165\u63a7\u5236\u3002<\/p>\n\n\n\n \u7ed3\u5408\u4e0a\u8ff0\u6240\u6709\u539f\u7406\uff0c\u6784\u5efa\u6700\u7ec8\u7684\u81ea\u52a8\u5316\u7528\u6237\u811a\u672c\u3002\u5c06\u4ee5\u4e0b\u4ee3\u7801\u653e\u5165 Tampermonkey \u4e2d\u5373\u53ef\u5b9e\u73b0\u5168\u81ea\u52a8\u964d\u7ef4\u6253\u51fb\u3002<\/p>\n\n\n\n \u901a\u8fc7\u8fd9\u6b21\u5b9e\u6218\uff0c\u63ed\u793a\u4e86\u524d\u7aef\u5b89\u5168\u5bf9\u6297\u7684\u51e0\u4e2a\u6838\u5fc3\u6cd5\u5219\uff1a<\/p>\n\n\n\n \u6240\u6709\u7eaf\u5ba2\u6237\u7aef\u7684\u5b89\u5168\u9650\u5236\u5728\u638c\u63e1\u4e86\u5e95\u5c42\u6267\u884c\u6d41\u7684\u653b\u51fb\u8005\u9762\u524d\u90fd\u662f\u900f\u660e\u7684\uff0c\u771f\u6b63\u7684\u4e1a\u52a1\u5b89\u5168\u5fc5\u987b\u5efa\u7acb\u5728\u670d\u52a1\u7aef\u4e25\u683c\u7684\u6570\u636e\u6821\u9a8c\u4e4b\u4e0a\u3002<\/p>\n","protected":false},"excerpt":{"rendered":" \u80cc\u666f \u5728\u8fdb\u884c\u5728\u7ebf\u8003\u8bd5\u65f6\uff0c\u9762\u5bf9\u6709\u9650\u7684\u65f6\u95f4\u538b\u529b\uff0c\u7cfb\u7edf\u7684\u524d\u7aef\u9650\u5236\uff08\u7981\u6b62 F12\u3001\u7981\u6b62\u590d\u5236\u3001\u7981\u6b62\u7c98\u8d34\u3001\u751a\u81f3\u9875\u9762\u6b7b\u9501\uff09\u4e25 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-144","post","type-post","status-publish","format-standard","hentry","category-learn"],"_links":{"self":[{"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/posts\/144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/comments?post=144"}],"version-history":[{"count":17,"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/posts\/144\/revisions"}],"predecessor-version":[{"id":168,"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/posts\/144\/revisions\/168"}],"wp:attachment":[{"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/media?parent=144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/categories?post=144"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.plutoze.xyz\/index.php\/wp-json\/wp\/v2\/tags?post=144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}debugger<\/code> \u65ad\u70b9\u62e6\u622a\u3002<\/p>\n\n\n\n\u9650\u5236\u673a\u5236\u4e0e\u5bf9\u6297\u5347\u7ea7<\/h3>\n\n\n\n
window.Function<\/code> \u6210\u529f\u62e6\u622a\u4e86 new Function('debugger')<\/code>\u3002\u4f46\u968f\u540e\u53d1\u73b0\uff0c\u8d85\u661f\u7684\u524d\u7aef\u6df7\u6dc6\u4ee3\u7801\u4f7f\u7528\u4e86\u201c\u539f\u578b\u94fe\u6784\u9020\u5668\u9003\u9038\u201d<\/strong>\u6280\u672f\uff1a<\/p>\n\n\n\n\/\/ \u8d85\u661f\u7ed5\u8fc7 window.Function \u7684\u7ecf\u5178\u624b\u6cd5\n(function anonymous() {}).constructor(\"debugger\")(); <\/code><\/pre>\n\n\n\nFunction.prototype.constructor<\/code>\uff0c\u5b8c\u7f8e\u907f\u5f00\u4e86\u6211\u4eec\u5728\u5168\u5c40\u5bf9\u8c61\u4e0a\u8bbe\u4e0b\u7684\u9677\u9631\u3002<\/p>\n\n\n\n\u9006\u5411\u89e3\u9664\uff08Root Prototype Hooking\uff09<\/h3>\n\n\n\n
const originalFunction = window.Function;\nconst blockDebugger = function(...args) {\n const fnStr = args[args.length - 1];\n if (typeof fnStr === 'string' && fnStr.includes('debugger')) {\n return function() {}; \/\/ \u66ff\u6362\u4e3a\u7a7a\u51fd\u6570\uff0c\u9759\u9ed8\u5931\u6548\n }\n return originalFunction.apply(this, args);\n};\n\n\/\/ 1. \u62e6\u622a\u5168\u5c40\u8c03\u7528\nwindow.Function = blockDebugger;\n\/\/ 2. \u6838\u5fc3\u6740\u62db\uff1a\u62e6\u622a\u539f\u578b\u94fe\u9003\u9038\u8c03\u7528\nFunction.prototype.constructor = blockDebugger;<\/code><\/pre>\n\n\n\n
\n\n\n\n\u7b2c\u4e8c\u6b65\uff1a\u89e3\u51b3\u9898\u5e72\u65e0\u6cd5\u590d\u5236\u7684\u95ee\u9898\uff08\u4e8b\u4ef6\u6355\u83b7\u5c42\u963b\u65ad\uff09<\/h2>\n\n\n\n
notAllowCopy.css<\/code> \u4e2d\u7684 user-select: none<\/code>\u3002\u4f46\u5728\u5f3a\u884c\u8986\u76d6 CSS \u540e\uff0c\u53d1\u73b0\u4f9d\u7136\u65e0\u6cd5\u9009\u4e2d\u3002\u8fd9\u8bf4\u660e\u8d85\u661f\u542f\u7528\u4e86 JavaScript \u4e8b\u4ef6\u7ea7\u62e6\u622a<\/strong>\uff08\u5982 onselectstart = return false<\/code> \u548c oncopy<\/code> \u62e6\u622a\uff09\u3002<\/p>\n\n\n\n\u653b\u9632\u63a8\u5bfc\uff1a\u964d\u7ef4\u6253\u51fb JS \u62e6\u622a\u5668<\/h3>\n\n\n\n
\u6211\u4eec\u5728\u6d4f\u89c8\u5668\u4e8b\u4ef6\u6d41\u7684\u6700\u9876\u5c42\uff08\u6355\u83b7\u9636\u6bb5\uff09\uff0c\u76f4\u63a5\u628a copy<\/code>\u3001selectstart<\/code> \u4e8b\u4ef6\u7684\u4f20\u64ad\u7ed9\u6390\u65ad\uff0c\u8ba9\u8d85\u661f\u7684\u62e6\u622a\u51fd\u6570\u53d8\u6210\u201c\u778e\u5b50\u201d\u3002<\/p>\n\n\n\n\/\/ \u9876\u5c42\u4e8b\u4ef6\u62e6\u622a\uff08\u6390\u65ad\u8d85\u661f\u7684 JS \u62e6\u622a\u5668\uff09\nconst allowEvents = ['contextmenu', 'copy', 'cut', 'paste', 'selectstart'];\nallowEvents.forEach(ev => {\n document.documentElement.addEventListener(ev, function(e) {\n e.stopPropagation(); \/\/ \u963b\u6b62\u4e8b\u4ef6\u5411\u4e0b\u4f20\u64ad\u5230\u8d85\u661f\u7684\u62e6\u622a\u5668\uff01\n }, true); \/\/ true \u4ee3\u8868\u5728\u6355\u83b7\u9636\u6bb5\u6267\u884c\uff0c\u62e5\u6709\u6700\u9ad8\u4f18\u5148\u7ea7\n});<\/code><\/pre>\n\n\n\n
\n\n\n\n\u7b2c\u4e09\u6b65\uff1a\u7a81\u7834\u7b54\u6848\u8f93\u5165\u6846\u7684\u7c98\u8d34\u9650\u5236\uff08\u539f\u578b\u94fe\u52ab\u6301\uff09<\/h2>\n\n\n\n
beforepaste<\/code> \u4e8b\u4ef6\u6765\u6e05\u7a7a\u526a\u8d34\u677f\u3002<\/p>\n\n\n\n\u4ece\u201c\u4e8b\u540e\u6e05\u7406\u201d\u5230\u201c\u4e8b\u524d\u62e6\u622a\u201d<\/h3>\n\n\n\n
removeListener<\/code> \u4f1a\u56e0\u4e3a\u6267\u884c\u65f6\u673a\u6ede\u540e\u800c\u5f7b\u5e95\u5931\u6548\u3002\u6211\u4eec\u5fc5\u987b\u5728\u9875\u9762\u4efb\u4f55\u811a\u672c\u6267\u884c\u524d\uff08@run-at document-start<\/code>\uff09\uff0c\u76f4\u63a5\u4fee\u6539 UEditor \u7684\u5e95\u5c42\u56fe\u7eb8\uff0c\u8ba9\u5b83\u5148\u5929\u4e27\u5931<\/strong>\u7ed1\u5b9a\u7c98\u8d34\u62e6\u622a\u5668\u7684\u80fd\u529b\u3002<\/p>\n\n\n\nlet _UE;\nObject.defineProperty(window, 'UE', {\n get: function() { return _UE; },\n set: function(val) {\n _UE = val;\n if (_UE && _UE.Editor && _UE.Editor.prototype) {\n const originalAddListener = _UE.Editor.prototype.addListener;\n _UE.Editor.prototype.addListener = function(types, listener) {\n \/\/ \u6838\u5fc3\uff1a\u65e0\u8bba\u524d\u7aef\u4f20\u5165\u4ec0\u4e48\u62e6\u622a\u51fd\u6570\uff0c\u53ea\u8981\u662f\u7c98\u8d34\u4e8b\u4ef6\uff0c\u76f4\u63a5\u4e22\u5f03\uff01\n if (typeof types === 'string' && types.indexOf('paste') !== -1) {\n return this; \n }\n return originalAddListener.apply(this, arguments);\n };\n }\n },\n configurable: true\n});<\/code><\/pre>\n\n\n\neditorPaste<\/code> \u53d8\u91cf\uff0c\u4f46\u8fd9\u4f1a\u5bfc\u81f4\u8d85\u661f\u540e\u7eed\u7684\u4ee3\u7801\u629b\u51fa SyntaxError<\/code>\uff0c\u4ece\u800c\u5f15\u53d1\u201c\u4e0b\u4e00\u9898\u201d\u548c\u201c\u63d0\u4ea4\u201d\u6309\u94ae\u5931\u6548\u7684\u7ea7\u8054\u5d29\u6e83\u3002V6.3 \u7248\u672c\u679c\u65ad\u5e9f\u5f03\u4e86\u8be5\u505a\u6cd5\uff0c\u4ec5\u4fdd\u7559\u5e95\u5c42\u52ab\u6301\uff0c\u5b9e\u73b0\u4e86\u5b8c\u7f8e\u7684\u65e0\u75d5\u7a81\u7834\u3002<\/em><\/p>\n\n\n\n
\n\n\n\n\u7b2c\u56db\u6b65\uff1a\u5e94\u5bf9\u6781\u7aef\u60c5\u51b5\uff08\u7d27\u6025\u6551\u63f4\u9632\u6b7b\u9501\u6a21\u5757\uff09<\/h2>\n\n\n\n
\/\/ 1. \u66b4\u529b\u91ca\u653e\u8d85\u661f\u539f\u751f\u4e1a\u52a1\u9501\nif (typeof window.submitLock !== 'undefined') window.submitLock = 0;\nif (typeof window.saveLock !== 'undefined') window.saveLock = false;\n\n\/\/ 2. \u9690\u85cf\u8d85\u661f\u4e13\u5c5e\u906e\u7f69\u5c42\u4e0e\u5f39\u7a97\uff08\u4e0d\u7834\u574fDOM\u7ed3\u6784\uff0c\u9632\u6b62\u540e\u7eed\u62a5\u9519\uff09\ndocument.querySelectorAll('.maskDiv, .mask-no-bg, #worktoast').forEach(mask => mask.style.display = 'none');\n\n\/\/ 3. \u6062\u590d\u9875\u9762\u6574\u4f53\u4ea4\u4e92\u6743\u9650\ndocument.body.style.pointerEvents = \"auto\";<\/code><\/pre>\n\n\n\n\u7b2c\u4e94\u6b65\uff1a\u7ec8\u6781\u7a81\u7834\u2014\u2014iframe \u5185\u6838\u7ea7\u7c98\u8d34\u52ab\u6301\uff08Final Layer Exploit\uff09<\/h2>\n\n\n\n
beforepaste<\/code> \u62e6\u622a\u5df2\u7ecf\u5931\u6548\u3002\u4f46\u5728\u5b9e\u9645\u6d4b\u8bd5\u4e2d\uff0c\u6211\u53d1\u73b0\u4ecd\u7136\u5b58\u5728\u201c\u65e0\u6cd5\u7c98\u8d34\u201d\u7684\u60c5\u51b5\u3002\u7ecf\u8fc7\u8fdb\u4e00\u6b65\u9006\u5411\u5206\u6790\uff0c\u95ee\u9898\u7684\u6839\u6e90\u9010\u6e10\u6d6e\u51fa\u6c34\u9762\uff1a<\/p>\n\n\n\n\n
\n\n\n\n\u653b\u9632\u76f2\u533a\uff1a\u8de8\u4e0a\u4e0b\u6587\u4e8b\u4ef6\u9694\u79bb<\/h3>\n\n\n\n
\n
paste<\/code><\/li>\n\n\n\naddListener<\/code><\/li>\n\n\n\n\n
\u4e3b\u9875\u9762 document \u2192 \u274c \u65e0\u6cd5\u5f71\u54cd \u2192 iframe.contentDocument<\/pre>\n\n\n\n
\n
paste<\/code><\/li>\n\n\n\n
\n\n\n\n\u964d\u7ef4\u6253\u51fb\uff1a\u76f4\u63a5\u63a5\u7ba1 iframe \u4e8b\u4ef6\u6d41<\/h3>\n\n\n\n
\n
\n
function hookIframePaste() {\n document.querySelectorAll('iframe').forEach(frame => {\n try {\n const doc = frame.contentDocument;\n if (!doc || doc._mist_hooked) return; doc._mist_hooked = true; \/\/ \u6355\u83b7 paste\uff08\u4f18\u5148\u7ea7\u6700\u9ad8\uff09\n doc.addEventListener('paste', function(e) {\n e.stopImmediatePropagation(); const text = (e.clipboardData || window.clipboardData).getData('text'); try {\n \/\/ \u6807\u51c6\u8def\u5f84\n doc.execCommand('insertText', false, text);\n } catch(err) {\n \/\/ fallback\uff08\u517c\u5bb9\u4f4e\u7248\u672c\uff09\n const sel = doc.getSelection();\n if (sel && sel.rangeCount) {\n sel.deleteFromDocument();\n sel.getRangeAt(0).insertNode(doc.createTextNode(text));\n }\n }\n }, true); } catch(err) {\n \/\/ \u8de8\u57df iframe \u81ea\u52a8\u8df3\u8fc7\n }\n });\n}<\/code><\/pre>\n\n\n\n
\n\n\n\n\u52a8\u6001\u73af\u5883\u5bf9\u6297\uff1a\u6301\u7eed\u626b\u63cf\u673a\u5236<\/h3>\n\n\n\n
setInterval(hookIframePaste, 1000);<\/pre>\n\n\n\n
\n
\n\n\n\n\ud83d\ude80 \u7ec8\u6781\u81ea\u52a8\u5316\u5b9e\u73b0\uff08V6.4\uff09<\/h2>\n\n\n\n
\/\/ ==UserScript==\n\/\/ @name \u8d85\u661f\u5b66\u4e60\u901a\u8003\u8bd5\u9650\u5236\u89e3\u9664\u5668\uff08V6.4 \uff09\n\/\/ @namespace http:\/\/tampermonkey.net\/\n\/\/ @version 6.4\n\/\/ @description \u5e95\u5c42\u534f\u8bae\u62e6\u622a\u7c98\u8d34 + \u6839\u8282\u70b9\u53cd\u9003\u9038 + \u5f3a\u5236\u89e3\u9664\u9009\u4e2d\u590d\u5236 + \u60ac\u6d6e\u6b7b\u9501\u89e3\u9664\n\/\/ @author Mist Vulnerability Assistant\n\/\/ @match *:\/\/*.chaoxing.com\/*\n\/\/ @run-at document-start\n\/\/ @grant none\n\/\/ ==\/UserScript==\n \n(function() {\n 'use strict';\n \n console.log(\"[Mist] V6.4\");\n \n \/\/ ========================================================================\n \/\/ \u7ef4\u5ea6\u4e00\uff1aUEditor \u539f\u578b\u94fe\u52ab\u6301 (\u4fdd\u8bc1\u8f93\u5165\u6846\u80fd\u7c98\u8d34)\n \/\/ ========================================================================\n let _UE;\n Object.defineProperty(window, 'UE', {\n get: function() { return _UE; },\n set: function(val) {\n _UE = val;\n if (_UE && _UE.Editor && _UE.Editor.prototype) {\n const originalAddListener = _UE.Editor.prototype.addListener;\n _UE.Editor.prototype.addListener = function(types, listener) {\n if (typeof types === 'string' && types.indexOf('paste') !== -1) {\n return this; \/\/ \u4e22\u5f03\u7c98\u8d34\u62e6\u622a\n }\n return originalAddListener.apply(this, arguments);\n };\n \n const originalGetEditor = _UE.getEditor;\n _UE.getEditor = function(id, opt) {\n if (opt) {\n opt.pasteplain = false;\n opt.disablePasteImage = false;\n }\n return originalGetEditor.call(this, id, opt);\n };\n }\n },\n configurable: true\n });\n \n \/\/ ========================================================================\n \/\/ \u7ef4\u5ea6\u4e8c\uff1a\u65e0\u9650 Debugger \u7ed5\u8fc7 (\u6839\u8282\u70b9\u53cd\u9003\u9038 Hook)\n \/\/ ========================================================================\n const originalFunction = window.Function;\n const blockDebugger = function(...args) {\n const fnStr = args[args.length - 1];\n if (typeof fnStr === 'string' && fnStr.includes('debugger')) {\n return function() {}; \n }\n return originalFunction.apply(this, args);\n };\n \n window.Function = blockDebugger;\n window.Function.prototype = originalFunction.prototype;\n Function.prototype.constructor = blockDebugger; \/\/ \u5c01\u6740\u6784\u9020\u5668\u9003\u9038\n \n const originalEval = window.eval;\n window.eval = function(string) {\n if (typeof string === 'string' && string.includes('debugger')) return;\n return originalEval.apply(this, arguments);\n };\n \n \/\/ ========================================================================\n \/\/ \u7ef4\u5ea6\u4e09\uff1a\u7ec8\u6781\u9009\u4e2d\u4e0e\u590d\u5236\u89e3\u9501 (\u4e8b\u4ef6\u6355\u83b7\u5c42\u963b\u65ad + CSS \u66b4\u529b\u8986\u76d6)\n \/\/ ========================================================================\n function injectUnlockCSS() {\n if (document.getElementById('mist-unlock-css')) return;\n const style = document.createElement('style');\n style.id = 'mist-unlock-css';\n style.textContent = `\n html:not(input):not(textarea):not(select):not(option):not(button),\n html, body, *, [class*=\"notAllowCopy\"] {\n -webkit-touch-callout: text !important;\n -webkit-user-select: text !important;\n -khtml-user-select: text !important;\n -moz-user-select: text !important;\n -ms-user-select: text !important;\n user-select: text !important;\n pointer-events: auto !important;\n }\n ::selection { background: #3390FF !important; color: #fff !important; }\n `;\n (document.head || document.documentElement).appendChild(style);\n }\n \n \/\/ \u9876\u5c42\u4e8b\u4ef6\u62e6\u622a\uff08\u6390\u65ad\u8d85\u661f\u7684 JS \u62e6\u622a\u5668\uff09\n const allowEvents = ['contextmenu', 'copy', 'cut', 'paste', 'selectstart', 'dragstart', 'mousedown', 'mouseup'];\n allowEvents.forEach(ev => {\n document.documentElement.addEventListener(ev, function(e) {\n e.stopPropagation(); \n }, true); \n });\n \n \/\/ \u9ad8\u9891\u52a8\u6001\u6e05\u573a\uff08\u5e94\u5bf9 Ajax \u52a8\u6001\u52a0\u8f7d\u7684\u9898\u76ee\uff09\n function clearInlineHandlers() {\n injectUnlockCSS();\n const elements = [document, window, document.body];\n elements.forEach(el => {\n if (el) {\n el.oncontextmenu = null;\n el.onselectstart = null;\n el.ondragstart = null;\n el.oncopy = null;\n el.oncut = null;\n }\n });\n document.querySelectorAll('[aria-hidden=\"true\"][tabindex]').forEach(el => {\n el.removeAttribute('aria-hidden'); \n });\n }\n \n clearInlineHandlers();\n window.addEventListener('DOMContentLoaded', clearInlineHandlers);\n setInterval(clearInlineHandlers, 2000);\n \n \/\/ ========================================================================\n \/\/ \u7ef4\u5ea6\u56db\uff1a\u7d27\u6025\u6551\u63f4\u6a21\u5757\uff08\u9632\u5361\u6b7b\/\u5f3a\u884c\u89e3\u9501\uff09\n \/\/ ========================================================================\n window.addEventListener('DOMContentLoaded', () => {\n const rescueBtn = document.createElement('div');\n rescueBtn.innerHTML = ' \u89e3\u9664\u6b7b\u9501';\n rescueBtn.title = '\u5f53\u70b9\u51fb\u63d0\u4ea4\u6ca1\u53cd\u5e94\u3001\u6216\u8005\u9875\u9762\u88ab\u906e\u7f69\u5c42\u5361\u6b7b\u65f6\u70b9\u51fb\u6b64\u6309\u94ae';\n rescueBtn.style.cssText = `\n position: fixed; top: 20px; right: 20px; z-index: 9999999;\n background: #ff4d4f; color: white; padding: 8px 12px;\n border-radius: 4px; cursor: pointer; font-size: 14px;\n font-weight: bold; box-shadow: 0 4px 6px rgba(0,0,0,0.3);\n user-select: none; transition: all 0.3s;\n `;\n \n rescueBtn.onmouseover = () => rescueBtn.style.transform = 'scale(1.05)';\n rescueBtn.onmouseout = () => rescueBtn.style.transform = 'scale(1)';\n \n rescueBtn.onclick = function() {\n if (typeof window.submitLock !== 'undefined') window.submitLock = 0;\n if (typeof window.saveLock !== 'undefined') window.saveLock = false;\n \n document.querySelectorAll('.maskDiv, .mask-no-bg, .popSetupShowHide, #worktoast, #workpop, .maskBox').forEach(mask => {\n if (mask) mask.style.display = 'none';\n });\n \n document.body.style.pointerEvents = \"auto\";\n document.body.style.overflow = \"auto\";\n \n document.querySelectorAll('.completeBtn, .jb_btn, a[onclick*=\"submit\"]').forEach(btn => {\n btn.style.pointerEvents = \"auto\";\n btn.style.opacity = \"1\";\n btn.removeAttribute('disabled');\n });\n \n if(confirm(\"UI \u9650\u5236\u5df2\u89e3\u9664\uff01\u662f\u5426\u9700\u8981\u8fdb\u4e00\u6b65\u5f3a\u884c\u7ec8\u6b62\u6240\u6709\u540e\u53f0\u5b9a\u65f6\u5668\uff1f\\n\\n\u8b66\u544a\uff1a\u8fd9\u4f1a\u540c\u65f6\u505c\u6b62\u8003\u8bd5\u5012\u8ba1\u65f6\uff01\\n\u4ec5\u5728\u9875\u9762\u4e00\u76f4\u663e\u793a'\u6b63\u5728\u63d0\u4ea4...'\u4e14\u65e0\u6cd5\u6062\u590d\u65f6\u70b9\u51fb\u3010\u786e\u5b9a\u3011\u3002\")) {\n let highestId = window.setTimeout(function() {}, 0);\n for (let i = 0; i < highestId; i++) {\n window.clearTimeout(i);\n window.clearInterval(i);\n }\n }\n alert(\"\u9875\u9762\u6b7b\u9501\u5df2\u89e3\u9664\uff01\u60a8\u53ef\u4ee5\u91cd\u65b0\u70b9\u51fb\u4fdd\u5b58\u6216\u63d0\u4ea4\u3002\");\n };\n document.body.appendChild(rescueBtn);\n });\n\n \/\/ ========================================================================\n\/\/ \u7ef4\u5ea6\u4e94\uff1aUEditor iframe \u5185\u6838\u7ea7\u7c98\u8d34\u52ab\u6301\uff08\u771f\u6b63\u7834\u89e3\u70b9\uff09\n\/\/ ========================================================================\n\nfunction hookIframePaste() {\n document.querySelectorAll('iframe').forEach(frame => {\n try {\n const doc = frame.contentDocument;\n if (!doc || doc._mist_hooked) return;\n\n doc._mist_hooked = true;\n\n console.log(\"[Mist] \u5df2\u63a5\u7ba1 iframe:\", frame);\n\n \/\/ \u6355\u83b7\u7c98\u8d34\u4e8b\u4ef6\uff08\u6700\u5173\u952e\uff09\n doc.addEventListener('paste', function(e) {\n e.stopImmediatePropagation();\n\n const text = (e.clipboardData || window.clipboardData).getData('text');\n\n \/\/ \u5f3a\u5236\u63d2\u5165\u5185\u5bb9\n try {\n doc.execCommand('insertText', false, text);\n } catch(err) {\n \/\/ fallback\n const sel = doc.getSelection();\n if (sel && sel.rangeCount) {\n sel.deleteFromDocument();\n sel.getRangeAt(0).insertNode(doc.createTextNode(text));\n }\n }\n\n console.log(\"[Mist] iframe \u7c98\u8d34\u5df2\u6ce8\u5165\");\n }, true);\n\n } catch(err) {\n \/\/ \u8de8\u57df iframe \u5ffd\u7565\n }\n });\n}\n\n\/\/ \u6301\u7eed\u626b\u63cf iframe\uff08\u5e94\u5bf9\u52a8\u6001\u52a0\u8f7d\uff09\nsetInterval(hookIframePaste, 1000);\n})();<\/code><\/pre>\n\n\n\n\u603b\u7ed3\u53cd\u601d<\/h2>\n\n\n\n
\n
@run-at document-start<\/code> \u914d\u5408 Object.defineProperty<\/code>\uff0c\u5728\u76ee\u6807\u4ee3\u7801\u6267\u884c\u524d\u201c\u7be1\u6539\u89c4\u5219\u201d\uff0c\u4f7f\u9632\u5fa1\u673a\u5236\u5728\u521d\u59cb\u5316\u9636\u6bb5\u76f4\u63a5\u762b\u75ea\u3002<\/li>\n\n\n\nstopPropagation()<\/code> \u6390\u65ad\u4e8b\u4ef6\u4f20\u64ad\uff0c\u662f\u7834\u89e3\u524d\u7aef\u9632\u590d\u5236\u7684\u6700\u4f18\u89e3\u3002<\/li>\n\n\n\nSyntaxError<\/code>\uff0c\u5426\u5219\u4f1a\u5bfc\u81f4\u9875\u9762\u6b63\u5e38\u529f\u80fd\uff08\u5982\u63d0\u4ea4\u8bd5\u5377\uff09\u762b\u75ea\u3002\u9632\u5b88\u7684\u6700\u9ad8\u5883\u754c\u662f\u201c\u65e0\u75d5\u66ff\u6362\u201d\u3002<\/li>\n<\/ol>\n\n\n\n