In JavaScript, you can use the escape()/unescape() and eval() functions for simple transcoding that makes ordinary URLs look unfamiliar, so that those annoying search crawlers cannot identify the resources you want to hide.
The normal string generally has to be pre-encoded into a format that the JavaScript unescape() function can interpret. Taking PHP as an example, you can use the following function to do the job of the escape() function in JavaScript:
The code is as follows:
<?php
function escapeToHex($string, $encoding = 'UTF-8') {
    $return = '';
    for ($x = 0; $x < mb_strlen($string, $encoding); $x++) {
        $str = mb_substr($string, $x, 1, $encoding);
        if (strlen($str) > 1) { // multi-byte character
            $return .= '%u' . strtoupper(bin2hex(mb_convert_encoding($str, 'UCS-2', $encoding)));
        } else {
            $return .= '%' . strtoupper(bin2hex($str));
        }
    }
    return $return;
}
?>
Suppose we want to hide the following address: http://www.php.cn/
We can use the following script to achieve this:
The code is as follows:
<?php
// Include the escapeToHex() function definition yourself
$test = 'document.write(\'<a href="http://www.dirk.sh/assets/uploaded/thisistest.pdf">test</a>\')';
echo '<script Language="Javascript">eval(unescape("' . escapeToHex($test) . '"))</script>';
?>
If you view the page source, you will see the following (it is too long, so the lines have been split manually; the actual output is a single line):
The code is as follows:
<script Language="Javascript">eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77 \
%72%69%74%65%28%27%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77 \
%2E%64%69%72%6B%79%65%2E%6E%65%74%2F%75%70%6C%6F%61%64%65%64%2F%74%68%69%73 \
%69%73%74%65%73%74%2E%70%64%66%22%3E%74%65%73%74%3C%2F%61%3E%27%29"))</script>
The page displayed in the browser is no different from ordinary HTML.
Note:
1. The second parameter ($encoding) of the escapeToHex() function indicates the encoding of the string you pass in. The default is UTF-8. If you use another encoding, specify it explicitly when calling the function.
2. The use of unescape() is discouraged in the ECMAScript v3 specification, which recommends the newer alternative decodeURIComponent(). However, after testing, I found that the decodeURIComponent() function has problems with multi-byte character (Chinese) processing, so the unescape() function is still used.
3. In principle, the above method only keeps search crawlers from obtaining the resource addresses that you think need to be kept confidential. A browser that supports JavaScript shows exactly the same page as it would without this protection mechanism. The encoding can be reversed by anyone who views the page source and by any crawler that executes JavaScript, so it is obfuscation, not access control.
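The following JavaScript is an added example, not part of the original article: it recovers the script and URLs hidden by an eval(unescape("...")) wrapper without executing it, which is how a reviewer or scanner would inspect such a page. The sample page, the host files.example.com, and the function names decodeEscaped and findHiddenScripts are assumptions made for the example; escapeToHex here is a JavaScript port of the PHP function, used only to build the sample.

```javascript
// Port of the PHP escapeToHex(): every UTF-16 code unit becomes %XX or %uXXXX.
function escapeToHex(s) {
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    out += c < 0x80
      ? "%" + c.toString(16).toUpperCase().padStart(2, "0")
      : "%u" + c.toString(16).toUpperCase().padStart(4, "0");
  }
  return out;
}

// Decode the escape() format by hand: %XX and %uXXXX are single code units.
function decodeEscaped(s) {
  return s.replace(/%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})/g,
    (_, u, x) => String.fromCharCode(parseInt(u || x, 16)));
}

// Find every eval(unescape("...")) call in page source and return the
// decoded script text plus any URLs it contains. Nothing is evaluated.
function findHiddenScripts(html) {
  const wrapper = /eval\s*\(\s*unescape\s*\(\s*(["'])([\s\S]*?)\1\s*\)\s*\)/g;
  const results = [];
  for (const m of html.matchAll(wrapper)) {
    // Drop whitespace and "\" markers left when a long payload was wrapped
    // for display; real escape() output contains neither.
    const payload = m[2].replace(/[\s\\]+/g, "");
    const decoded = decodeEscaped(payload);
    const urls = decoded.match(/https?:\/\/[^\s"'<>)]+/g) || [];
    results.push({ decoded, urls });
  }
  return results;
}

// Constructed sample: an obfuscated link with non-ASCII link text, in the
// form the PHP script emits. files.example.com is a placeholder host.
const hidden =
  "document.write('<a href=\"http://files.example.com/report.pdf\">文件</a>')";
const samplePage =
  '<p>intro</p><script>eval(unescape("' + escapeToHex(hidden) + '"))</script>';

console.log(findHiddenScripts(samplePage));
```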