How can I prevents banners injected from WiFi access points?

0 投票
最新提问 用户: (140 分)

There's a WiFi access point I connect to during my commute that injects ads onto pages. Is anyone familiar with this? How can I block this sort of thing from the sites I build?

The "how do I prevent JavaScript injections" articles and posts I see are usually for input fields.

2 个回答

0 投票
最新回答 用户: (140 分)

You won't be able to prevent the injections, but you could crawl your html with javascript or use css rules to look for any unwelcome elements and remove them. If the ads are injected with a standard wrapper, you could use that.

$(".wifi-ad").remove()

.wifi-ad { display: none !important }

Or, you could do something like adding a class to all of your elements to identify them as your own code.

$(":not(.myClass)").remove()

*:not(.myClass) { display: none !imporant }
发表于 用户: (100 分)
I don't think it's a good idea to start a game of whack-a-mole with the ISP within the visitor's browser. This is really something that either the user and the ISP need to figure out, or ISPs in general need to be prevented from doing.
发表于 用户: (140 分)
I agree. But if the extent of your reach is the front end of a website, something like this is all you can do. I wouldn't suggest this as a general plan, but only as a patch for a very specific use case.
发表于 用户: (100 分)
this sounds like magic to me,, is there any ISP that injects ads on the pages?? how do thay do that from tech standpoint,, sounds crazy
发表于 用户: (100 分)
@Kresimir Oooh, you soo naïve ;-) HTML pages go through plain HTTP requests through the ISP's servers. Adding a little bit of Javascript or HTML after the <body> or so on the fly is trivial. Quite a few ISPs do so.
发表于 用户: (100 分)
for god sake,, where does this world go to man... going offline now,, thans @deceze :)
0 投票
最新回答 用户: (540 分)

Use TLS (i.e. https://) to serve your pages. Networks can't tamper with traffic that's encrypted and signed.

If you want to ensure that users always access your site with TLS, don't serve pages over HTTP at all; instead, have HTTP requests just respond with a redirect to the equivalent HTTPS URL. To provide additional security, use HSTS to tell your users' browsers that they should always use access your site via HTTPS in the future.

发表于 用户: (100 分)
I was just reading this article macworld.com/article/2976534/privacy/…
发表于 用户: (140 分)
Thank you. I understand using ads to generate income, but putting ads on someone else's page just feels wrong to me.
欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...