如何防止别人下载模板,这个前台的东西目前本身是不可能实现的,毕竟最终要全部交给客户端浏览器去解析的,在这里说的防止别人下载模板的方法,非一般的模板目录重定向。
一般都是通过查看网页源文件中的代码查看模板目录的,昨天晚上需要某招聘网的CSS,看看了源,发现CSS 和JS文件都是通过服务器上输出真实地址的,还是小费了一翻周折手动弄下来了。至于是那个网站在这就不说了,先上他核心代码。
<script type="text/javascript"> var _lp_cdn = function(name, cdn){ var _cdn = /(^|\s|;)_lp_cdn\s*=\s*0($|\s|;)/.test(document.cookie); if(cdn && _cdn) return false; if(!cdn && !_cdn){ var date = new Date(); date.setTime( date.getTime() + ( 1 * 24 * 60 * 60 * 1000 ) ); document.cookie = '_lp_cdn=0;expires='+ date.toGMTString() +';path=/;domain=liepin.com'; } document.write(unescape("%3Cscript src='http://"+ (cdn?"":"i.") +"s.lietou-static.com/"+ name +"?"+ new Date().getTime().toString().substring(0, 7) +"' type='text/javascript'%3E%3C/script%3E")); }; </script> <script type="text/javascript">_lp_cdn("p/beta2/js/version.js", true);</script> <script type="text/javascript">typeof Version === "undefined" && _lp_cdn("p/beta2/js/iversion.js");</script> <!--[if lt IE 9]> <script type="text/javascript">Version.get("html5shiv.js");</script> <![endif]--> <!--[if IE 6]> <script type="text/javascript">Version.get("DD_belatedPNG.js");</script> <script>DD_belatedPNG.fix('.pngfix');</script> <![endif]--></head> <body id="a-home"> <!--头文件--> <!----> <!--[if lt IE 9]> <script type="text/javascript">Version.get("html5shiv.js");</script> <![endif]--> <!--[if IE 6]> <script type="text/javascript">Version.get("DD_belatedPNG.js");</script> <script>DD_belatedPNG.fix('.pngfix');</script> <![endif]--> <script type="text/javascript"> ~function(window, undefined){ var v = window.Version ? window.Version.code || "" : ""; v !== "beta2" && Version.get("/p/beta2/css/updatepackage/p.v8.css","/p/beta2/js/updatepackage/p.v8.js"); }(window); </script>
这是核心代码,单独从/p/beta2/css/updatepackage/p.v8.css ,很难找到这个CSS的真实地址的,
重点在这一行,
document.write(unescape("%3Cscript src='http://"+ (cdn?"":"i.") +"s.lietou-static.com/"+ name +"?"+ new Date().getTime().toString().substring(0, 7) +"' type='text/javascript'%3E%3C/script%3E")); 这里我把他们的域名改成了本地HOST,建了一个HTML测试文件在本地,粘上了他的代码,通过把上面这行JS代码中的unescape删除掉,让他输出一下,结果出来了一个地址。%3Cscript src='http://s.lietou-static.com/p/beta2/js/version.js?1404099' type='text/javascript'%3E%3C/script%3E %3Cscript src='http://i.s.lietou-static.com/p/beta2/js/iversion.js?1404099' type='text/javascript'%3E%3C/script%3E好吧,既然有了JS的地址,于是下载吧,把version.js下载下来保存在本的,打开看了一下,靠,又来var Version={code:"beta2",c:"2.99",s:"http://s.lietou-static.com/",p:"p/beta2/",charset:"utf-8",get:function(){for(var a=0;a<arguments.length;a++){var b=arguments[a].substring(arguments[a].lastIndexOf(".")+1);var c=this.s+(arguments[a].indexOf('/')===0?arguments[a].substring(1):(this.p+b+'/'+arguments[a]))+'?'+this.c;if(b=="css"){document.write(("%3Clink href='"+c+"' rel='stylesheet' type='text/css'/%3E"))}else if(b=="js"){document.write(("%3Cscript src='"+c+"' type='text/javascript' charset='"+this.charset+"'%3E%3C/script%3E"))}}}}; Version.get("common.css","public.css");没办法,把JS保存到测试HTML同一目录一下,把HTML测试文件中刚删掉的unescape再加上,然后把地址换成自己改的域名地址,同时把version.js目录地址换成本地的,这里只针对HTML文件中进行修改,让他调用本地的version.js,目的在于输出真实CSS,好了,再打开version.js,把里面的unescape删除,现在是让他可以输出,注意和HTML文件里不同,删除是输出,又加上是调用,有点绕,好了,走起。。。%3Clink href='http://i.s.lietou-static.com/p/beta2/css/common.css?1.83' rel='stylesheet' type='text/css'/%3E%3Clink href='http://i.s.lietou-static.com/p/beta2/css/public.css?1.83' rel='stylesheet' type='text/css'/%3E%3Cscript src='http://i.s.lietou-static.com/p/beta2/js/lt.core.js?1.83' type='text/javascript' charset='utf-8'%3E%3C/script%3E%3Cscript src='http://i.s.lietou-static.com/p/beta2/js/jquery-1.6.2.min.js?1.83' type='text/javascript' charset='utf-8'%3E%3C/script%3E%3Cscript src='http://i.s.lietou-static.com/p/beta2/js/plugins/jquery.artDialog.js?1.83' type='text/javascript' charset='utf-8'%3E%3C/script%3E%3Cscript src='http://i.s.lietou-static.com/p/beta2/js/plugins/jquery.loadingui.js?1.83' type='text/javascript' charset='utf-8'%3E%3C/script%3E%3Cscript src='http://i.s.lietou-static.com/p/beta2/js/plugins/jquery.tipsui.js?1.83' type='text/javascript' charset='utf-8'%3E%3C/script%3E%3Cscript src='http://i.s.lietou-static.com/p/beta2/js/lt.apps.js?1.83' type='text/javascript' charset='utf-8'%3E%3C/script%3E出来了,哎,直接下载需要的CSS吧,妈的,搞的太麻烦了,不过思路挺好的,我想这样也能防掉一批人了。有这时间还不如自己去写了,只是感觉思路不错,借鉴一下,留下备用。