Record the egg laying process of a hidden plug-in

Chitchat Lao Li next door Last edited on August 25, 2020 08:59:18
Article summary

This article describes a hidden-content plug-in developed by Lao Li, which is based on password verification. The plug-in stopped working because the POST operation cannot be performed once the page has been made static. Lao Li instead base64-encodes the hidden content and decodes it with JavaScript. Although the plug-in's security is low, it simplifies the process of obtaining information for users.

Lao Li once made a Z-Blog plug-in, "Encrypted content WeChat focused". Its basic function is to hide a piece of content: if the password is entered correctly, the hidden content is displayed.

The basic principle is to POST the password to the back end, which adds the hidden content to the text if the password is correct. Don't understand? That's fine, I don't either.

Then yesterday a user contacted Lao Li, having found that my plug-in stopped working once a static-page plug-in was in use.

Stopped working? That was inevitable!

Because my plug-in POSTs directly to the current page!!

The current page is now static, so how could it handle a POST!!!

The problem still needs to be solved.

Since this plug-in only guides users to follow the public account, it does not need to be too strict.

So I decided to simply base64-encode the hidden content. Once the password is entered correctly, the content is decoded and output directly; the decoding is done on the current page with base64.js.

This keeps it simple. Before an article is output, base64_encode (hidden content) is applied, and the front end then decodes it directly.

Why is this a stealthy plug-in? Because you only need to view the page source, find a blob of base64, and then search for any base64 decoder to decode it and get the content.

However, my thinking was this: compared with viewing the source, copying the code, finding an online decoder and decoding the content (which may itself turn out to be HTML), simply following the public account on WeChat to obtain the password saves a lot of time, right?

What? If you ask me why I don't just $.ajax to PHP and let it decide what to output, am I going to tell you that I can't?


Okay, I also made a $.ajax() version, which is the one used directly in this blog. The following is a demonstration.

Resource download

Follow the official account Yeluzi Blog Reply to the password to obtain the password
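
The two designs discussed in this post, side by side, as an added example that is not the plug-in's own code. It runs under Node.js, where `Buffer` stands in for PHP's base64_encode and for base64.js, and the server-side handler is written in JavaScript instead of PHP; every function name, the `data-b64` and `data-post-id` attributes, and the sample values are constructed assumptions.

```javascript
// Constructed sample values (assumptions, not taken from the plug-in).
const HIDDEN = '<a href="/download/demo.zip">下载地址</a>';
const PASSWORD = 'demo-1234';

// Variant 1: what a static page carries with the base64 approach.
// The password check can only run in the browser, so the encoded
// content has to ship inside the HTML itself.
function renderBase64Page(hidden) {
  const b64 = Buffer.from(hidden, 'utf8').toString('base64');
  return `<div id="locked" data-b64="${b64}">Enter the password</div>`;
}

// What viewing the source yields: the content, with no password involved.
function readWithoutPassword(html) {
  const m = /data-b64="([A-Za-z0-9+/=]+)"/.exec(html);
  return m ? Buffer.from(m[1], 'base64').toString('utf8') : null;
}

// Variant 2: the static page carries only a placeholder; the content
// stays on the server behind a separate endpoint (the $.ajax target).
function renderAjaxPage() {
  return '<div id="locked" data-post-id="1">Enter the password</div>';
}

// Compare without stopping at the first mismatching byte.
function sameSecret(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Server-side handler: it decides what to output, so the hidden
// content leaves the server only after the password has matched.
function handleReveal(submitted) {
  if (typeof submitted !== 'string' || submitted.length === 0) {
    return { status: 400, body: null };
  }
  if (!sameSecret(submitted, PASSWORD)) return { status: 403, body: null };
  return { status: 200, body: HIDDEN };
}
```

With the first variant the password is only a display toggle, which is acceptable for the follow-the-account use described here but not for content that must stay private.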

This article was written by @Lao Li next door and published on August 25, 2020 on Yeluzi Blog. Unless otherwise specified, all articles in this blog are original; please retain the source when reprinting.
comment (1)
 visitor
 Godzilla
You can't ask me.
Of course I won't, hahaha
However, the train of thought fully agrees that there is not much important information so that it is enough to hide the truth.
· From Yichun City, Jiangxi Province · reply