|
1
|
/* As an anti-robot defense, <a> elements are initially coded with the |
|
2
|
** href= set to the honeypot, and <form> elements are initialized with |
|
3
|
** action= set to the login page. The real values for href= and action= |
|
4
|
** are held in data-href= and data-action=. The following code moves |
|
5
|
** data-href= into href= and data-action= into action= for all |
|
6
|
** <a> and <form> elements, after CSS has been loaded, and after a delay, |
|
7
|
** and maybe also after mouse movement is seen. |
|
8
|
** |
|
9
|
** Before sourcing this script, create a separate <script> element |
|
10
|
** (with type='application/json' to avoid Content Security Policy issues) |
|
11
|
** containing: |
|
12
|
** |
|
13
|
** {"delay":MILLISECONDS, "mouseover":BOOLEAN} |
|
14
|
** |
|
15
|
** The <script> must have an id='href-data'. DELAY is the number |
|
16
|
** milliseconds delay prior to populating href= and action=. If the |
|
17
|
** mouseover boolean is true, then the href= rewrite is further delayed |
|
18
|
** until the first mousedown event that occurs after the timer expires. |
|
19
|
*/ |
|
20
|
var antiRobot = 0; |
|
21
|
function antiRobotGo(){ |
|
22
|
if( antiRobot!=3 ) return; |
|
23
|
var z = window.getComputedStyle(document.body).zIndex; |
|
24
|
if( z==='0' || z===0 ){ |
|
25
|
antiRobot = 7; |
|
26
|
var anchors = document.getElementsByTagName("a"); |
|
27
|
for(var i=0; i<anchors.length; i++){ |
|
28
|
var j = anchors[i]; |
|
29
|
if(j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); |
|
30
|
} |
|
31
|
var forms = document.getElementsByTagName("form"); |
|
32
|
for(var i=0; i<forms.length; i++){ |
|
33
|
var j = forms[i]; |
|
34
|
if(j.hasAttribute("data-action")) j.action=j.getAttribute("data-action"); |
|
35
|
} |
|
36
|
} |
|
37
|
} |
|
38
|
function antiRobotDefense(){ |
|
39
|
var x = document.getElementById("href-data"); |
|
40
|
var jx = x.textContent || x.innerText; |
|
41
|
var g = JSON.parse(jx); |
|
42
|
if( g.mouseover ){ |
|
43
|
document.body.onmousedown=function(){ |
|
44
|
antiRobot |= 2; |
|
45
|
antiRobotGo(); |
|
46
|
document.body.onmousedown=null; |
|
47
|
} |
|
48
|
document.body.onmousemove=function(){ |
|
49
|
antiRobot |= 2; |
|
50
|
antiRobotGo(); |
|
51
|
document.body.onmousemove=null; |
|
52
|
} |
|
53
|
}else{ |
|
54
|
antiRobot |= 2; |
|
55
|
} |
|
56
|
if( g.delay>0 ){ |
|
57
|
setTimeout(function(){ |
|
58
|
antiRobot |= 1; |
|
59
|
antiRobotGo(); |
|
60
|
}, g.delay) |
|
61
|
}else{ |
|
62
|
antiRobot |= 1; |
|
63
|
} |
|
64
|
window.addEventListener('load',antiRobotGo); |
|
65
|
antiRobotGo(); |
|
66
|
} |
|
67
|
antiRobotDefense(); |
|
68
|
|