Reputation: 1336
Stopping HTML element from being modified
I have a malvertising problem.
My website contains a bunch of ad slots that we fill from 2-3 ad networks.
Recently there has been a surge of plugins / extensions that sit in the browser (user some how installed them) and when the page loads they look at all such ad slots and inject their own ad code into it.
This is having an impact on my revenue & more important they inject porn ads that is making me loose readers.
Now one approach that i have is to somehow protect the ad code, Make the div that is encapsulating it non changeable. (can this be done ?) Or any other approach / views on how to stop this ?
UPDATE 1: As @ShivaRaptor pointed out due to cross-domain security restriction, parent JS cannot modify DOM structure in iframe document. - So that takes care of the malvertizers who try to modify the DOM of page.
Now there is one more case left - malvertizers who just detect the location on the div and paste their ad on top of my ad slots. Will making the z-index of the containing DIV max 32 bit value stop them form doing this ?
Upvotes: 1
Views: 590
Answers (2)
Reputation: 40671
Once the request for your web page is filled and your server sends it, that's the end of control you have over it. On the client side, any and all of it can be changed and there's nothing you can do about it.
That's the nature of the web.
Upvotes: 0
Reputation: 707326
If this mal-ware is plugins or extensions in the browser, then there is nothing you can do to keep them from modifying your page. When the user allowed them to be installed in the browser, they opened the door to any type of page modification.
First off, I'd suggest that you really ought to collect some metrics on the actual size of the problem to determine whether it's really something you should spend engineering time on or not. I have no doubt that you have real reports of this happening, but do you know what percent of your viewers this is actually afflicting? If it's a tiny portion of your viewers, then your time may be better spent investing in your site to attract more viewers than trying to deal with this specific piece of mal-ware.
The things I can think of that you could do are:
- Detect if your page has been modified in specific ways and you can either undo what they've done, remove/hide the content they've injected or just attempt to put your page back the way it was.
- Attempt to detect if the plug-in is installed or active in modifying your page and warn your viewer that they have mal-ware that is modifying the site with instructions for how to remove the mal-ware.
- Understand more about why your viewers are allowing this mal-ware to be installed and see if there's either some education or other path you can close down to make it less likely the mal-ware gets installed. For example, if it purports to offer some benefit that your site is lacking, maybe you need that feature.
Upvotes: 2
Related Questions
- Preventing an external source to modify my HTML with Javascript
- Javascript how to prevent adding HTML elements to DOM?
- how to make my html element not participate in elementFromPoint
- How to prevent html/JavaScript code modification
- How to disallow user to remove HTML element manually from DOM?
- How to avoid tampering of javascript / HTML elements
- Is it possible for me to prevent a user from modifying the inner text of an element?
- Prevent element from updating - JQuery
- How to prevent adding elements to a DOM node?
- Prevent element from being manipulated with CSS