這個iFrame是惡意彈出窗口的來源嗎？

Question

1）這是什麼意思？

<link rel="dns-prefetch" href="//cpro.baidu.com"> 

2）當使用我的頁面時，我收到惡意彈出窗口。是baidu.com（iframe src）這些彈出窗口的來源？

全碼：

<iframe data-srcdoc="<!DOCTYPE html> 
<html> 
<head> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    <meta charset="text/html;charset=utf-8"> 
    <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"> 
    <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate"> 
    <meta http-equiv="Pragma" content="no-cache"> 
    <meta http-equiv="Expires" content="0"> 
    <script>document.charset='utf-8'</script> 
    <link rel="dns-prefetch" href="//cpro.baidu.com"> 
    <link rel="dns-prefetch" href="//www.baidu.com"> 


    <script> 
    function clickevent(n, e) {var w;for (var i = n.split(","), o = 0, r = i.length; r > o; o++)(new Image).src = i[o];try{window !== window.parent.window &amp;&amp; window.parent.window.clickevent &amp;&amp; (w = window.parent.window.clickevent(e));}catch(e){}return w === false ? false: (w &amp;&amp; (e.href += (e.href.indexOf("?") > -1 ? "&amp;": "?") + "sync=" + encodeURIComponent(w)), !0)} 
    </script> 
</head> 
<body oncontextmenu=self.event.returnValue=false> 
    <img src='http://www.baidu.com/img/baidu_jgylogo3.gif?1478733648305' style='display: none;'> 


<div class="slot content padding background border"> 


    <a onclick='return clickevent("", this)' style="text-align: center; width:100%; height:100%; margin: 0px auto;" href="http://ssp.gclick.cn/clk2.html?q=RkZrbTJON1FrTV9zU0VvWVZ5QzBOWlRwQTFzeyJ0IjoxNDc4NzMzNzAyNTU1LCJyIjoiaHR0cDovL2FkeC5wcm8uY24vYz9jPWJkRkpqNkpRRUFmdzcySW5ub2FXeDJPUlRqb1Q1S0VvLXpJZ1hveThCUnhabEVZRkpfUGRoOXRjLWxxX3FuOGxWWDltN2V4alZ2Yjk5V094eU1fa19kcTE3N2haNE9xTUw0dWY4OXVuS1Fua1lwUEhOVEtiM01IUDl2eDEwcW02TWF3NHprdFp6a0t1MkZDVFk5My1VSmFHV2cyOW1MNEFDSVE3UURLdG9SLVpkTC1QX1RqYnV0b3hJVDE3RllNcjdXZ0NYTzl4ZzA1ZXQ1NXJsc2U3VHNyZjJaWmVCR1czM25sdDVvbXIybzBicWlmR3NfWUp4TU5vb2RMeUNSckJnTmR3WTNYSktGLXVsU0N6ay1RVlhWMUdWaER5Q0NvOU4yVFJ4bWFuTmt1NVZjRi1XVnNyOXU2MUdOajN6Z2dxNFVtVm02X0pUbWNqcVJ2RU5VUTZWRlNrN1plUHZnVXYzbWx5NzZhZzQ4Q0g4Z1d6NE5BRDBhZmMxaEhGMUFkOFl5QTQzQ3JIUGEzMmlaS1pjWlpZckZqN0k3X25RNzFRblJJUFg2NS14aUhzbzZ3MGwyYVNraXhwTFN2S2c0TEx5STVyUlhRc0hQbG9WOW9HcmQxaUJGbFE3R29ES3Q2RFE4VDJWZF80M2ZEejdrdy1VOTE3bEFXNklpZVVNd0FEVFh0V2M4cllKNWpqaWZtbFFJRkV5QWxJUzBnbFVZRlVtZjJZZGROcnY1dWNLSjlJVW5pUmdaeXFOSmZva2djOEw1UHB5TXVKdnlhbUtoR3duT01UaGprN01RbktUSHo3dGtqQXREbG5DaE1vbFFrV01DRDVGSEtkUWpSTlc2VkdYMTBQamIwT1g5SVpCNDJWMUVXS2pyN0NGVDZwMk5nSGJfX2Jxa1BRQVduemlrWnpvOTVkZ2RNaWRJQ3UxbWEyTnZ2N0R3IiwiYSI6Im9lbSYmNTcwNGYxYmU5ZWI1ZTgwMTAwNmRkM2M4LTU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOF8xMWFhNGM5ZmIxNTNlYjc3ZmMwY18wODJlMTVkZGExNTgzZTU0NzNlNyIsInUiOiJjYzJkYmJjODY5N2E1YTU3IiwicyI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwicCI6ImU5ZDJjNmJjYWMzYmZhZjUzNmY0IiwidiI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsIm8iOiJ3ZWIifQ" target=_blank > 
     <img width="300" height="250" src="http://7xo1qa.com2.z0.glb.qiniucdn.com/bacd48d6f8ba70e3ec2feb7f95274dac.png" /> 
    </a> 



       <img style="display:none;" src="http://bid.pro.cn/view/?&amp;amp;q=MO-gXNNLaY95P-oSCH0zcO9GEKTTbh66YR-gGeH-frXmIwqnsdsLVBFlJHk3OoMY9RRMs81YfdWKjyTJwBsX1l9nIVFXFlblu_0E_1tOW0y7dISM2hW7pTGLjro64db39i7zGeJmPSjjqVD4HeKzAvijvk3jUZ3_RXzvC2xIEMWgIdUtUCvAR7jR9b3tLdA0u2BPqWRuc1y4MLBe0_XqcbGrzkJcdtJaoNUBfFAqOlsm0GWgoyu4YnYPqEy-0gvIFxNG9QUC7chNxLelOtLwWRbTdfCxiO8NOsBuEq7e9ufOErlWG_dbT7r3k3pCTX3RyrCU3ePyr5RwND-epMcYKkZB7l8DL0WkecA2osryBXdnRzTKLgIlGYBZD4v9eRmh&amp;amp;rid=WCOvhgDpDMR6Y13QAAwl&amp;amp;eff=1&amp;amp;cid=082e15dda1583e5473e7"> 

       <img style="display:none;" src="http://adx.pro.cn/i?i=dY7LTsMwEEX_xUtEJT_qpGHnEiiIUpJWImo2KPbYqSWTmDgFNYh_x4Ut7EY65965n6gfbGs7dIXQJRr02z3Es7p-ej-0uc8ft8mesFKIDxextAB6iJyneG6I1JmWXC8wwTgBYGoRnRB8FHQGVCVSNYpJ0xjOEjOPEIJfWigGq3SUhBDL6mZ0vu7Wt9uJW1V2D8-vbZW_FOmsLcCZ01j-dv4Zc3U5EL6adqe7VXbc0JnY5TXbiH6_FjHmj9LZcPhZ_M-g4PoxUiDQEGlSQ7VOQFFFQJ6pnc4PGcYXlGP09Q0"> 

       <img style="display:none;" src="http://adx.pro.cn/n?n=dY5RT8IwGEX_S58hWVfaMd-KUyQgbpC4sBez9mtHk7LVdmjA-N9t8FXfbnLOvblfaPCmMz26Q2iCvHpfQYz1_cvHsStc8bxjB0wqzj9txMIAKB85zZKZxkLlSlA1T3CSMAAi59EJwUVB5ZBKJmQridCtpoTpWYQQ3MJA6Y1UUeKcL-qH0bqm3zzurtTIql-_nrq6eCuzaVeC1Zex-t38s2abymO6vO4vT8v8vE2nfF80ZMuHw4bHmjsLa8Lx9vifQ8EOY6SAocVCZzpVioFMJQaBvn8A"> 

       <img style="display:none;" src="http://ssp.gclick.cn/verify?v=WVFxc1h0U1FFLUwxU3Jua2NTcERKNmNNd0N3eyJ2aWV3VGltZSI6MTQ3ODczMzcwMjU1NSwiZHNwSUQiOiJvZW0mJjU3MDRmMWJlOWViNWU4MDEwMDZkZDNjOCIsInVwdklEIjoiY2MyZGJiYzg2OTdhNWE1NyIsInNsb3RJRCI6ImQxZGExYmY3ZjJlZTZkYzJjMWRiIiwidmFycyI6IixlOWQyYzZiY2FjM2JmYWY1MzZmNCxfbnNfLDYxYTAzYmE3Njc3Y2M3N2ZhOWRmOTkwOGIxMTc5NGJhLCIsInB1YklEIjoiZTlkMmM2YmNhYzNiZmFmNTM2ZjQiLCJvcmlnaW4iOiJ3ZWIifQ"> 

       <img style="display:none;" src="http://cc.xtgreat.com/cm.gif?dspid=11213&amp;amp;ext=5822ca0f1f25ca006ea56b84"> 

       <img style="display:none;" src="http://cm.api.baifendian.com/Mapping.do?bfd_nid=pro&amp;amp;bfd_client_uid=5822ca0f1f25ca006ea56b84"> 



    <link rel="dns-prefetch" href="//"> 

</div> 


</body> 
</html> 
" src="javascript: try{document.charset= 'UTF-8';window.frameElement.getAttribute('data-srcdoc');}catch(e){document.write('<script>document.domain=\'tv.cctv.com\';document.write(window.frameElement.getAttribute(\'data-srcdoc\'))</script>')}" seamless="" scrolling="no" frameborder="no" border="0" marginwidth="0" marginheight="0" allowtransparency="true" style="width: 100%; height: 100%; background-color: transparent;"></iframe> 

Answer 1

1）：dns-prefetch是用戶試圖遵循鏈接之前解決域名的嘗試。基本上，它減少了用戶延遲。

您可以在Chromium文檔中閱讀更多關於此的信息。

https://www.chromium.org/developers/design-documents/dns-prefetching

2）： 對於初學者來說，你確定這是造成彈出窗口的iframe？要測試它，請從頁面中刪除iframe，並查看彈出窗口是否仍然存在。如果它仍然存在，則iframe應該是而不是。如果不是，那麼它是iframe。繼續閱讀可能的解決方案。

如果你願意使用一些基本的PHP，這個答案將幫助您：

How to block pop-up coming from iframe?

如果不是，請使用​​屬性。只需添加​​到iframe中，像這樣：

<iframe src="" sandbox></iframe> 

根據該文件，​​會：

• 把內容從一個獨特的起源
• 塊的形式提交
• 塊是腳本執行
• 禁用API
• 防止來自目標的鏈接廷其他瀏覽上下文
• 防止內容使用插件（通過，，，或其他）
• 防止上的內容導航其頂層瀏覽上下文 塊自動觸發的特徵（例如自動播放視頻或自動聚焦形式控制）

如果iframe需要使用上述任何功能，我建議使用我提供的PHP腳本。否則，​​可能會干擾頁面的預期用途