刚刚看到的 http://upnorthtrip.com/historystuffing/
HTML5提供了操作浏览器历史记录的API
通过
history.pushState([data],[title],[url])
方法能够将指定的URL添加到浏览器历史记录
比如你push了sampleurl.com,当你下次在地址栏输入sample时,浏览器就会给出提示
demo很简单
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| var historyStuffing = {
//初始化,浏览器支持就填充历史记录,否则提示不支持
init: function () {
if (this.checkSupport) {
this.stuffHistory(this.keywords());
} else {
alert("Sorry, your browser doesn't support History API, therefore the demo will not work.");
}
},
//检查浏览器支持,需要存在window.history和history.pushState才行
checkSupport: function () {
return !!(window.history && history.pushState);
},
//填充列表中的url到历史记录
stuffHistory: function (data) {
for (var i = 0; i < data.length; i++) {
window.history.pushState(null, null, "/?domain=" + data[i]);
if (window.chrome) {
document.title = "<- CLICK HERE";
} else {
document.title = "CLICK HERE";
}
if(i == data.length-1){
document.title = "History stuffing with HTML5 - upnorthtrip";
window.history.pushState(null, null, "/historystuffing");
document.getElementById("status").innerHTML = "<br />Completed!<br />Now type a domain such as <b>chase.com</b> in your location bar.";
}
}
},
keywords: function () {
return Array(要填充的url列表)
}
}
|
这也带来了风险,比如钓鱼页面利用关键字填充,或者url跳转到子域名进行cookie stuffing
也可以填充通用的搜索关键字how,why之类的,总之就是增加用户访问的可能性