How to respond only to our web form
Posted 2018-09-26 04:06:52
【Question】
This is probably a generic question.
I have a web form on a web server at example.com. The data is POSTed to a PHP page that returns some data.
But how do I prevent my PHP page from responding to any copy of the form hosted anywhere?
I know HTTP_REFERER is a bad idea, because it can be changed on the client side. I thought of a JSON Web Token (JWT) in a hidden field, but it can be scraped from the form page and used in a localhost form.
Is there a secure way to solve this?
【Comments】:
Following your JWT idea, you could use a CSRF token by generating a unique value for the user.
This is a workaround and does not fully solve your problem, but you could add a captcha to prevent automated posting.
【Answer 1】: No.
Everything beyond the edge of your web server is out of your control.
Anyone can submit any HTTP request they like, using any client they like (including a telnet client into which they type raw HTTP commands).
An anti-CSRF token (which seems to be what you are using the JWT for) prevents a third party from tricking a logged-in user into submitting a bad request: but that is the best you will get.
【Comments】:
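The session-bound anti-CSRF token that answer 1 says is the most you can get, with the limited lifetime answer 3 recommends, as an added PHP example (not code from the thread). File names, the hidden field name `csrf` and the 15-minute lifetime are assumptions.

```php
<?php
// Added example (not code from the original thread): a session-bound,
// single-use, time-limited anti-CSRF token for the POST handler described
// in the question. File names and the 15-minute lifetime are assumptions.
declare(strict_types=1);

const CSRF_TTL_SECONDS = 900;

function csrf_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // SameSite=Lax already stops a plain cross-site POST from carrying
    // the session cookie; the token below covers the remaining cases.
    session_set_cookie_params([
        'httponly' => true, 'secure' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

// Called by the page that renders the form; put the result in a hidden field
// (HTML-escape it with htmlspecialchars() when echoing it into the markup).
function csrf_token(): string
{
    csrf_session_start();
    $token = bin2hex(random_bytes(32));            // 256-bit CSPRNG value
    $_SESSION['csrf'] = ['value' => $token, 'exp' => time() + CSRF_TTL_SECONDS];
    return $token;
}

// Called by the POST handler before any work is done. True only when the
// submitted value matches the token stored for THIS session and is unexpired.
function csrf_check($submitted): bool
{
    csrf_session_start();
    $stored = $_SESSION['csrf'] ?? null;
    unset($_SESSION['csrf']);                      // single use: consumed here
    if ($stored === null || !is_string($submitted) || time() > $stored['exp']) {
        return false;
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

// handler.php (assumed name): reject the request before touching the data.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_check($_POST['csrf'] ?? null)) {
    http_response_code(403);
    exit('Invalid or expired form token');
}
```

The session cookie is what ties the token to one browser, so a copy of the form on another origin cannot complete the check; as answer 1 says, a client that loads the real form with its own session can still script a submission, which is the limit of this defence.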
【Answer 2】: You are thinking of a CSRF token - but it can be scraped with curl and used in any other form. As @Quentin mentioned - it only makes it harder for others to use - it does not protect you at all.
【Comments】:
【Answer 3】: I partially disagree with @quentin's answer.
You can create a unique token via php, save it server-side and pass it to an obfuscated js code block. The obfuscated js will then write the token to a COOKIE or local storage, which will be used to match the server token when the form is submitted, not to mention that clients without js enabled (curl, wget, etc. ..) will not be able to run this code.
The purpose of using obfuscated js instead of regular js is to prevent clients without js from scraping our web page, stealing the unique token and using it to submit the form impersonating a valid user, as mentioned in @bigwolks' answer.
Make sure the token is only valid for a limited time to prevent reuse.
This setup needs to be customized to fit each specific project, but it has proven to be an effective defense against automated submissions from non-js clients in my projects.
Obfuscated js example:
PS: not all javascript obfuscators are effective. I found obfuscator.io to be one of the best options because of the large number of options, especially the Domain lock and Debug Protection options.
According to the creator, deobfuscating the code is "impossible" (please read the comments about "impossible"):
【Comments】:
Security through obscurity? Sounds like a bad idea
@NicoHaase In this case there are not many options, and as of today you cannot deobfuscate obfuscator.io.
Then why use obfuscation at all? If the token is written to a cookie, it exists on the client
"No, it's impossible" is completely incorrect. It takes a lot of manual work, but people reverse obfuscation all the time.
What stops my bot from evaluating the obfuscated JS code and reading the token from there?