-3

1) What does this mean?

<link rel="dns-prefetch" href="//cpro.baidu.com">

2) When using my page, I get malicious popups. Is baidu.com (the iframe src) the source of these popups?

pop up ad snapshot

Full Code: 

<iframe data-srcdoc="<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta charset="text/html;charset=utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no">
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="0">
    <script>document.charset='utf-8'</script>
    <link rel="dns-prefetch" href="//cpro.baidu.com">
    <link rel="dns-prefetch" href="//www.baidu.com">


    <script>
    function clickevent(n, e) {var w;for (var i = n.split(","), o = 0, r = i.length; r > o; o++)(new Image).src = i[o];try{window !== window.parent.window &amp;&amp; window.parent.window.clickevent &amp;&amp; (w = window.parent.window.clickevent(e));}catch(e){}return w === false ? false: (w &amp;&amp; (e.href += (e.href.indexOf("?") > -1 ? "&amp;": "?") + "sync=" + encodeURIComponent(w)), !0)}
    </script>
</head>
<body oncontextmenu=self.event.returnValue=false>
    <img src='http://www.baidu.com/img/baidu_jgylogo3.gif?1478733648305' style='display: none;'>


<div class="slot content padding background border">


    <a onclick='return clickevent("", this)' style="text-align: center; width:100%; height:100%; margin: 0px auto;" href="http://ssp.gclick.cn/clk2.html?q=RkZrbTJON1FrTV9zU0VvWVZ5QzBOWlRwQTFzeyJ0IjoxNDc4NzMzNzAyNTU1LCJyIjoiaHR0cDovL2FkeC5wcm8uY24vYz9jPWJkRkpqNkpRRUFmdzcySW5ub2FXeDJPUlRqb1Q1S0VvLXpJZ1hveThCUnhabEVZRkpfUGRoOXRjLWxxX3FuOGxWWDltN2V4alZ2Yjk5V094eU1fa19kcTE3N2haNE9xTUw0dWY4OXVuS1Fua1lwUEhOVEtiM01IUDl2eDEwcW02TWF3NHprdFp6a0t1MkZDVFk5My1VSmFHV2cyOW1MNEFDSVE3UURLdG9SLVpkTC1QX1RqYnV0b3hJVDE3RllNcjdXZ0NYTzl4ZzA1ZXQ1NXJsc2U3VHNyZjJaWmVCR1czM25sdDVvbXIybzBicWlmR3NfWUp4TU5vb2RMeUNSckJnTmR3WTNYSktGLXVsU0N6ay1RVlhWMUdWaER5Q0NvOU4yVFJ4bWFuTmt1NVZjRi1XVnNyOXU2MUdOajN6Z2dxNFVtVm02X0pUbWNqcVJ2RU5VUTZWRlNrN1plUHZnVXYzbWx5NzZhZzQ4Q0g4Z1d6NE5BRDBhZmMxaEhGMUFkOFl5QTQzQ3JIUGEzMmlaS1pjWlpZckZqN0k3X25RNzFRblJJUFg2NS14aUhzbzZ3MGwyYVNraXhwTFN2S2c0TEx5STVyUlhRc0hQbG9WOW9HcmQxaUJGbFE3R29ES3Q2RFE4VDJWZF80M2ZEejdrdy1VOTE3bEFXNklpZVVNd0FEVFh0V2M4cllKNWpqaWZtbFFJRkV5QWxJUzBnbFVZRlVtZjJZZGROcnY1dWNLSjlJVW5pUmdaeXFOSmZva2djOEw1UHB5TXVKdnlhbUtoR3duT01UaGprN01RbktUSHo3dGtqQXREbG5DaE1vbFFrV01DRDVGSEtkUWpSTlc2VkdYMTBQamIwT1g5SVpCNDJWMUVXS2pyN0NGVDZwMk5nSGJfX2Jxa1BRQVduemlrWnpvOTVkZ2RNaWRJQ3UxbWEyTnZ2N0R3IiwiYSI6Im9lbSYmNTcwNGYxYmU5ZWI1ZTgwMTAwNmRkM2M4LTU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOF8xMWFhNGM5ZmIxNTNlYjc3ZmMwY18wODJlMTVkZGExNTgzZTU0NzNlNyIsInUiOiJjYzJkYmJjODY5N2E1YTU3IiwicyI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwicCI6ImU5ZDJjNmJjYWMzYmZhZjUzNmY0IiwidiI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsIm8iOiJ3ZWIifQ" target=_blank >
        <img width="300" height="250" src="http://7xo1qa.com2.z0.glb.qiniucdn.com/bacd48d6f8ba70e3ec2feb7f95274dac.png" />
    </a>



                <img style="display:none;" src="http://bid.pro.cn/view/?&amp;amp;q=MO-gXNNLaY95P-oSCH0zcO9GEKTTbh66YR-gGeH-frXmIwqnsdsLVBFlJHk3OoMY9RRMs81YfdWKjyTJwBsX1l9nIVFXFlblu_0E_1tOW0y7dISM2hW7pTGLjro64db39i7zGeJmPSjjqVD4HeKzAvijvk3jUZ3_RXzvC2xIEMWgIdUtUCvAR7jR9b3tLdA0u2BPqWRuc1y4MLBe0_XqcbGrzkJcdtJaoNUBfFAqOlsm0GWgoyu4YnYPqEy-0gvIFxNG9QUC7chNxLelOtLwWRbTdfCxiO8NOsBuEq7e9ufOErlWG_dbT7r3k3pCTX3RyrCU3ePyr5RwND-epMcYKkZB7l8DL0WkecA2osryBXdnRzTKLgIlGYBZD4v9eRmh&amp;amp;rid=WCOvhgDpDMR6Y13QAAwl&amp;amp;eff=1&amp;amp;cid=082e15dda1583e5473e7">

                <img style="display:none;" src="http://adx.pro.cn/i?i=dY7LTsMwEEX_xUtEJT_qpGHnEiiIUpJWImo2KPbYqSWTmDgFNYh_x4Ut7EY65965n6gfbGs7dIXQJRr02z3Es7p-ej-0uc8ft8mesFKIDxextAB6iJyneG6I1JmWXC8wwTgBYGoRnRB8FHQGVCVSNYpJ0xjOEjOPEIJfWigGq3SUhBDL6mZ0vu7Wt9uJW1V2D8-vbZW_FOmsLcCZ01j-dv4Zc3U5EL6adqe7VXbc0JnY5TXbiH6_FjHmj9LZcPhZ_M-g4PoxUiDQEGlSQ7VOQFFFQJ6pnc4PGcYXlGP09Q0">

                <img style="display:none;" src="http://adx.pro.cn/n?n=dY5RT8IwGEX_S58hWVfaMd-KUyQgbpC4sBez9mtHk7LVdmjA-N9t8FXfbnLOvblfaPCmMz26Q2iCvHpfQYz1_cvHsStc8bxjB0wqzj9txMIAKB85zZKZxkLlSlA1T3CSMAAi59EJwUVB5ZBKJmQridCtpoTpWYQQ3MJA6Y1UUeKcL-qH0bqm3zzurtTIql-_nrq6eCuzaVeC1Zex-t38s2abymO6vO4vT8v8vE2nfF80ZMuHw4bHmjsLa8Lx9vifQ8EOY6SAocVCZzpVioFMJQaBvn8A">

                <img style="display:none;" src="http://ssp.gclick.cn/verify?v=WVFxc1h0U1FFLUwxU3Jua2NTcERKNmNNd0N3eyJ2aWV3VGltZSI6MTQ3ODczMzcwMjU1NSwiZHNwSUQiOiJvZW0mJjU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOCIsInVwdklEIjoiY2MyZGJiYzg2OTdhNWE1NyIsInNsb3RJRCI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwidmFycyI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsInB1YklEIjoiZTlkMmM2YmNhYzNiZmFmNTM2ZjQiLCJvcmlnaW4iOiJ3ZWIifQ">

                <img style="display:none;" src="http://cc.xtgreat.com/cm.gif?dspid=11213&amp;amp;ext=5822ca0f1f25ca006ea56b84">

                <img style="display:none;" src="http://cm.api.baifendian.com/Mapping.do?bfd_nid=pro&amp;amp;bfd_client_uid=5822ca0f1f25ca006ea56b84">



    <link rel="dns-prefetch" href="//">

</div>


</body>
</html>
" src="javascript: try{document.charset= 'UTF-8';window.frameElement.getAttribute('data-srcdoc');}catch(e){document.write('<script>document.domain=\'tv.cctv.com\';document.write(window.frameElement.getAttribute(\'data-srcdoc\'))</script>')}" seamless="" scrolling="no" frameborder="no" border="0" marginwidth="0" marginheight="0" allowtransparency="true" style="width: 100%; height: 100%; background-color: transparent;"></iframe>
mancestr
  • 969
  • 3
  • 13
  • 34
Kelvin
  • 3
  • 1

1 Answers1

0

1) : dns-prefetch is an attempt to resolve domain names before a user tries to follow a link. Basically, it reduces user latency.

You can read more about this at the Chromium documentation.

https://www.chromium.org/developers/design-documents/dns-prefetching

2) : For starters, are you sure it's the iframe causing the popups? To test this, remove the iframe from the page, and see if the popup still occurs. If it still occurs, the iframe is not to blame. If not, then it's the iframe. Keep reading for possible solutions.

If you're willing to use some basic PHP, this answer will help you:

How to block pop-up coming from iframe?

If not, use the sandbox attribute. Simply add sandbox to the iframe, like so:

<iframe src="" sandbox></iframe>

According to the documentation, sandbox will:

  • treat the content as being from a unique origin
  • block form submission
  • block script execution
  • disable APIs
  • prevent links from targeting other browsing contexts
  • prevent content from using plugins (through , , , or other)
  • prevent the content to navigate its top-level browsing context block automatically triggered features (such as automatically playing a video or automatically focusing a form control)

If the iframe needs to use any of the above to function, I suggest using the PHP script I provided. Otherwise, sandbox may interfere with the intended purpose of the page

Community
  • 1
  • 1
mancestr
  • 969
  • 3
  • 13
  • 34