问题描述
var inj = function(){
var data = {
'r': -3,'g': 2,'b': 4}
const toBlob = HTMLCanvasElement.prototype.toBlob;
const toDataURL = HTMLCanvasElement.prototype.toDataURL;
HTMLCanvasElement.prototype.spoofcanvas = function() {
const {width,height} = this;
const context = this.getContext('2d');
const matt = context.getimageData(0,width,height);
for (let i = 0; i < height; i += 3) {
for (let j = 0; j < width; j += 3) {
const n = ((i * (width * 4)) + (j * 4));
matt.data[n + 0] = matt.data[n + 0] + data.r;
matt.data[n + 1] = matt.data[n + 1] + data.g;
matt.data[n + 2] = matt.data[n + 2] + data.b;
}
}
context.putimageData(matt,0);
};
Object.defineProperty(HTMLCanvasElement.prototype,'toBlob',{
value: function() {
this.spoofcanvas();
return toBlob.apply(this,arguments);
}
});
Object.defineProperty(HTMLCanvasElement.prototype,'toDataURL',{
value: function() {
this.spoofcanvas();
return toDataURL.apply(this,arguments);
}
});
}
inj();
我将此代码放到
string canvas = @"
sample js code
";
然后注入样品:
br.instance.browser.InjectJsHandler = new Handler<InjectJsParameters>(args =>
{
IJsObject donecanvas = args.Frame.ExecuteJavaScript<IJsObject>(canvas).Result;
});
如果我在https://ipleak.com/full-report/中检查了欺骗画布,则此代码有效 但是如果我签入https://browserleaks.com/canvas
,它的代码将无法正常工作浏览器中没有允许脚本的沙箱iframe中的问题,js在框架中不起作用。 如何使用DotNetbrowser在iframe中执行js代码? 当我在浏览器泄漏中执行此代码时,我遇到了js错误-在“ about:blank”中阻止了脚本执行,因为该文档的框架已被沙盒化,并且未设置“ allow-scripts”权限。
解决方法
现在一种方法-在创建脚本上下文之前修改所有iframe的响应并更改属性,示例在此处编写-https://stackoverflow.com/a/64731614/10436603