What does escape mean? Implement Javascript's escape() function code in PHP

PHP中文网
Release: 2016-07-29 08:43:28
Original
1389 people have browsed it

In Javascript, you can use the escape/unescape() and eval_r() functions for simple transcoding to make ordinary URLs look weird, so that those annoying search crawlers cannot identify the resources you want to hide.

Here, it is generally necessary to pre-encode the normal string into a format that can be interpreted by the JavaScript unescape() function. Taking PHP as an example, you can use the following function to achieve the same function as the escape() function in Javascript:

Code As follows:

<?php 
function escapeToHex($string, $encoding = UTF-8) { 
$return = ; 
for ($x = 0; $x < mb_strlen($string, $encoding); $x ++) { 
$str = mb_substr($string, $x, 1, $encoding); 
if (strlen($str) > 1) { // 多字节字符 
$return .= %u . strtoupper(bin2hex(mb_convert_encoding($str, UCS-2, $encoding))); 
} else { 
$return .= % . strtoupper(bin2hex($str)); 
} 
} 
return $return; 
} 
?>
Copy after login


Suppose we want to hide the following address: http://www.php.cn/
We can use the following script to achieve this:

The code is as follows:

<?php 
// 请自行包含 escapeToHex() 函数定义 
$test = document.write(\<a href="http://www.dirk.sh/assets/uploaded/thisistest.pdf">test</a>\); 
echo <script Language="Javascript">eval_r(unescape(" . escapeToHex($test) . "))</script>; 
?>
Copy after login


If you view the page source code, you will See (because it is too long, so the lines are manually divided, the actual running result should be a complete line):

The code is as follows:

<script Language="Javascript">eval_r(unescape("%64%6F%63%75%6D%65%6E%74%2E%77 \ 
%72%69%74%65%28%27%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77 \ 
%2E%64%69%72%6B%79%65%2E%6E%65%74%2F%75%70%6C%6F%61%64%65%64%2F%74%68%69%73 \ 
%69%73%74%65%73%74%2E%70%64%66%22%3E%74%65%73%74%3C%2F%61%3E%27%29"))</script>
Copy after login


The page displayed in the browser is no different from ordinary html.
Note:
1. The second parameter ($encoding) of the escapeToHex() function indicates the encoding of the string you pass in. The default is UTF-8. If you use other encodings, you should specify it clearly when calling the function;
2. The use of unescape() is opposed in the ECMAScript v3 specification. The specification recommends using the new alternative function decodeURIComponent(). However, after testing, I found that the decodeURIComponent() function has problems with multi-byte character (Chinese) processing, so The unescape() function is still used.
3. In principle, the above method is only to prevent search crawlers from obtaining the resource addresses that you think need to be kept confidential. Browsing the page under a browser that supports Javascript will see exactly the same presentation as if this protection mechanism is not enabled. .

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template