如何清除ID未知的Interval?
假设有人(邪恶)用 setInterval 设置了一个计时器,但我们不知道它的 ID(我们没有 setInterval 返回的对象的引用,也没有它的值)
(function(){
setInterval(function(){console.log('pwned')},
10000)
})();
是有办法吗,怎么清除呢?是否可以通过其他方式访问计时器?或者至少在特定的浏览器/javascript 引擎中?
David Flanagan 在他的大 JSTDG 中提到了类似的主题。 setInterval()方法,在恶意代码中使用索引中的key指向
...某些浏览器会检测重复的对话框和长时间运行的脚本,并向用户提供 阻止他们的选项。但恶意代码可以使用 setInterval() 等方法来 加载 CPU,还可以通过分配大量内存来攻击您的系统。有 Web 浏览器没有通用的方法可以防止这种笨手笨脚的攻击。在 实际上,这并不是网络上的常见问题,因为没有人返回到该网站 参与这种脚本滥用!
Say someone (evil) has set us a timer with setInterval, but we don't know its ID (we don't have the reference to the object, that setInterval is returning, nor its value)
(function(){
setInterval(function(){console.log('pwned')},
10000)
})();
Is there a way, how to clear it? Is it possible to acces the timer some other way? Or at least in particular browser/javascript engine?
David Flanagan touches similar topic his big JSTDG.setInterval() method, use in malicious code key in the index points to
... Some browsers detect repeated dialog boxes and long-running scripts and give the user
the option to stop them. But malicious code can use methods such as setInterval() to
load the CPU and can also attack your system by allocating lots of memory. There is
no general way that web browsers can prevent this kind of ham-handed attack. In
practice, this is not a common problem on the Web since no one returns to a site that
engages in this kind of scripting abuse!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
我通过使用 localstorage 解决了这个问题,保存了 setInterval 的 id,并稍后拾取它以清除该间隔。
I solved it by using localstorage, saving there the id of the setInterval, and picking up it later in order to clear that interval..
从快速测试来看,所有主要浏览器(最新的 Chrome、Firefox 和 IE)都会给出相当小的数字作为 ID,因此只需“盲目”循环所有可能的数字就应该可以正常工作:
完整示例:
这将停止所有间隔,当然在不知道其 ID 的情况下无法停止特定间隔。
正如您可以自己测试的那样,它应该适用于上述所有主要浏览器。
From quick test, all major browsers (latest Chrome, Firefox and IE) give pretty small numbers as the ID so just looping "blindly" over all possible numbers should work just fine:
Full example:
This will stop all intervals, can't stop specific interval without knowing its ID of course.
As you can test for yourself, it should work on all major browsers mentioned above.
好吧,Chrome 中的经验试验表明
setInterval返回一个数字,每次调用都会递增。因此,如果您确定 setInterval 是最后一个设置,则以下设置会起作用:但我不确定我是否会推荐此操作;-)
Well, empirically trials in Chrome show that
setIntervalreturns a number which increments for each call. So if you are SURE that you setInterval was the last one set the following would work :I'm not sure I would recommend this though ;-)
我尝试了 #Shadow Wizard 建议的方法,它有效地清除了间隔。然而,这种做法后来却产生了副作用。在我的特定情况下,清除所有间隔后我无法使用 jquery.fadeTo() 。
我选择的方法是一个更干净的解决方案,即重新定义 setInterval 方法并将间隔 id 保存在重新定义的方法中。如此处所示,我将 ids 放入一个数组中,然后清除所有它们。通过对存储数组的结构进行进一步细化,您可以对它们进行标记并有选择地清除它们。
这似乎有效!
I tried the approach suggested by #Shadow Wizard and it worked in clearing the interval. However, this approach had side effects afterwards. In my particular case, I was unable use jquery.fadeTo() after clearing all of the intervals.
The approach that I settled on is a cleaner solution, which is to redefine the setInterval method and save the interval ids in the re-defined methods. As shown here, I put the the ids into an array and then clear all of them. With a little more refinement of the structure to store the arrays, you could label them and clear them selectively.
This seems to work!
这与影子的答案有相同的警告。我认为它的效率更高一些,并且会停止超过 100,000 次的超时和间隔。
This has the same caveats as Shadow's answer. I think it is a little more efficient and will stop timeouts and intervals beyond the 100,000th one.