wooo/ewoooc
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
c2124dce00aacb5cee34fc879d9102c6cb94d8ff
ewoooc/templates/ewoooc_base.html
OoO 75de76ac12
Some checks failed
CD Pipeline / deploy (push) Has been cancelled
Details
fix(momo): block EC404 auto-open with end-to-end URL guard 
- normalize URLs at write time (scheduler crawlers, routes) to drop
  javascript:/EC404/placeholder i_code (momo_/manual_/pchome_)
- add global click+auxclick guard in base.html and ewoooc_base.html
  that intercepts blocked MOMO URLs and redirects to safe i_code URL
- per-page dashboards reuse the same isLikelyMomoIcode validation
- /api/track_momo_link records blocked events for diagnosis
- ship sanitize_momo_urls.py to clean existing polluted DB rows

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 12:00:34 +08:00

329 lines
13 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="zh-TW">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="csrf-token" content="{{ csrf_token() }}">
<title>{% block title %}EwoooC{% endblock %}</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500;600;700;800&family=Noto+Sans+TC:wght@400;500;600;700;800&display=swap" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<link rel="stylesheet" href="{{ url_for('static', filename='css/ewoooc-tokens.css') }}">
<link rel="stylesheet" href="{{ url_for('static', filename='css/ewoooc-shell.css') }}">
{% block extra_css %}{% endblock %}
</head>
<body class="momo-v2-body">
<div class="momo-app momo-shell" id="momo-shell">
{% include 'components/_ewoooc_shell.html' %}
{% set _next_run = next_run|default(None) %}
{% set _session_username = session.get('username') if session is defined else None %}
{% set _session_role = session.get('role') if session is defined else None %}
{% set _is_logged_in = session.get('logged_in') if session is defined else false %}
<section class="momo-main-shell">
<header class="momo-topbar">
<button class="momo-mobile-menu-button" type="button" data-momo-sidebar-toggle aria-label="開啟主選單">
<i class="fas fa-bars"></i>
</button>
<form class="momo-search-box" role="search" method="GET" action="/">
<i class="fas fa-search" aria-hidden="true"></i>
<input class="momo-search-input momo-mono" type="search" name="q" value="{{ search_query|default('') }}" placeholder="搜尋商品名稱、編號、品牌...">
<kbd class="momo-shortcut momo-mono">⌘K</kbd>
</form>
<div class="momo-topbar-spacer"></div>
{% if _next_run %}
<div class="momo-topbar-pill momo-mono">
<span class="momo-live-dot"></span>
<span>下次排程</span>
<strong>{{ _next_run }}</strong>
</div>
{% endif %}
<button class="momo-icon-button" type="button" title="說明">
<i class="fas fa-circle-question"></i>
</button>
<button class="momo-icon-button" type="button" title="通知">
<i class="fas fa-bell"></i>
</button>
{% if _is_logged_in %}
<button class="momo-user-chip" type="button">
<span class="momo-avatar">{{ (_session_username or '已')[:1] }}</span>
<span class="momo-user-meta">
<span class="momo-user-name">{{ _session_username or '已登入' }}</span>
{% if _session_role %}
<span class="momo-user-role">{{ _session_role }}</span>
{% endif %}
</span>
<i class="fas fa-chevron-down" aria-hidden="true"></i>
</button>
{% endif %}
</header>
<main class="momo-content">
{% block ewooo_content %}{% endblock %}
</main>
</section>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
<!-- MOMO 404 防呆攔截:避免自動打開 EC404 頁面 -->
<script>
(function () {
if (window.__momoLinkGuardInstalled) {
return;
}
window.__momoLinkGuardInstalled = true;
const MOMO_HOSTS = new Set(['www.momoshop.com.tw', 'm.momoshop.com.tw']);
const MOMO_CODE_RE = /^[A-Za-z0-9_-]{4,}$/;
const toText = value => (value == null ? '' : String(value));
const hasMomoHost = function (url) {
const target = toText(url).trim();
if (!target) {
return false;
}
try {
const parsed = new URL(target, location.origin);
return MOMO_HOSTS.has((parsed.hostname || '').toLowerCase());
} catch (error) {
return /(^|\/)m(?:\.momoshop\.com\.tw|\.momoshop\.com\.tw)(\/|$)|www\.momoshop\.com\.tw/i.test(target);
}
};
const isBlockedMomoUrl = function (url) {
const lowered = toText(url).toLowerCase();
if (lowered.includes('ec404.html') || lowered.includes('/ecm/js/err404/')) {
return true;
}
try {
const parsed = new URL(url, location.origin);
const path = (parsed.pathname || '').toLowerCase();
if (!path.includes('goodsdetail')) {
return false;
}
const iCode = (parsed.searchParams.get('i_code') || '').trim();
if (iCode) {
return !isLikelyMomoIcode(iCode);
}
return !/\/goodsdetail\/[^/?#]+/i.test(path);
} catch (error) {
const hasGoodsDetail = /goodsdetail\.jsp/i.test(lowered);
if (!hasGoodsDetail) {
return false;
}
const hasIcode = /[?&]i_code=([^&#]+)/i.test(lowered);
if (!hasIcode) {
return true;
}
const match = /[?&]i_code=([^&#]+)/i.exec(lowered);
const extracted = match ? (match[1] || '').trim() : '';
return !isLikelyMomoIcode(extracted);
}
};
const isLikelyMomoIcode = function (value) {
const cleaned = toText(value).trim();
if (!cleaned) {
return false;
}
const lowered = cleaned.toLowerCase();
if (lowered === 'nan' || lowered === 'none' || lowered === 'null' || lowered === 'undefined') {
return false;
}
if (lowered.startsWith('momo_')) {
return false;
}
return MOMO_CODE_RE.test(cleaned);
};
const getIcodeFromUrl = function (url) {
const target = toText(url).trim();
if (!target) {
return '';
}
try {
const parsed = new URL(target, location.origin);
const iCode = parsed.searchParams.get('i_code');
if (iCode) {
return iCode.trim();
}
} catch (error) {
// ignore
}
const match = /[?&]i_code=([^&#]+)/i.exec(target);
return match ? decodeURIComponent(match[1] || '').trim() : '';
};
const buildSafeMomoUrl = function (iCode) {
const cleaned = toText(iCode).trim();
if (!isLikelyMomoIcode(cleaned)) {
return '';
}
return `https://www.momoshop.com.tw/goods/GoodsDetail.jsp?i_code=${encodeURIComponent(cleaned)}`;
};
const resolveSafeUrl = function (link, href) {
const original = toText(link.dataset && link.dataset.momoOriginalUrl).trim();
const explicit = toText(link.dataset && (link.dataset.trackIcode || link.dataset.trackProductId)).trim();
const fallbackCode = explicit || getIcodeFromUrl(original) || getIcodeFromUrl(href);
if (fallbackCode) {
return buildSafeMomoUrl(fallbackCode);
}
return '#';
};
const openMomoUrl = function (link, url) {
if (!url || url === '#') {
return;
}
const target = toText(link.getAttribute('target') || '_self').toLowerCase();
if (target === '_blank') {
window.open(url, '_blank', 'noopener,noreferrer');
return;
}
if (target === '_self' || target === '' ) {
window.location.href = url;
return;
}
window.open(url, target);
};
const trackMomoLink = function (payload) {
const csrfToken = document.querySelector('meta[name="csrf-token"]')?.getAttribute('content');
const body = {
status: 'tracked',
...payload
};
const headers = {
'Content-Type': 'application/json'
};
if (csrfToken) {
headers['X-CSRFToken'] = csrfToken;
}
fetch('/api/track_momo_link', {
method: 'POST',
headers,
body: JSON.stringify(body),
keepalive: true
}).catch(() => {});
};
const guardMomoLink = function (event) {
if (event.defaultPrevented) {
return;
}
if (event.type === 'click' && event.button && event.button !== 0) {
return;
}
if (event.type === 'auxclick' && event.button !== 1) {
return;
}
const link = event.target.closest ? event.target.closest('a') : null;
if (!link) {
return;
}
const href = toText(link.getAttribute('href') || '').trim();
if (!href || href === '#') {
return;
}
const isTrackedClass = link.classList && link.classList.contains('momo-tracked-link');
const raw = toText(link.getAttribute('href') || '').trim();
const original = toText(link.dataset && link.dataset.momoOriginalUrl).trim();
if (!isTrackedClass && !hasMomoHost(raw) && !hasMomoHost(original)) {
return;
}
const blocked = isBlockedMomoUrl(href) || isBlockedMomoUrl(original);
const payload = {
url: original || href,
page: location.pathname,
source: toText(link.dataset && link.dataset.trackSource) || 'auto-guard',
platform: toText(link.dataset && link.dataset.trackPlatform) || 'momo',
product_id: toText(link.dataset && link.dataset.trackProductId) || '',
i_code: toText(link.dataset && link.dataset.trackIcode) || '',
product_name: toText(link.dataset && link.dataset.trackProductName) || '',
label: toText(link.textContent || '').trim(),
effective_url: href,
blocked: blocked
};
if (!blocked && !isTrackedClass) {
return;
}
if (blocked) {
event.preventDefault();
const safeUrl = resolveSafeUrl(link, href);
if (safeUrl && safeUrl !== href) {
link.setAttribute('href', safeUrl);
payload.effective_url = safeUrl;
openMomoUrl(link, safeUrl);
}
trackMomoLink(payload);
return;
}
trackMomoLink(payload);
};
document.addEventListener('click', guardMomoLink, true);
document.addEventListener('auxclick', guardMomoLink, true);
})();
</script>
<script>
const csrfToken = document.querySelector('meta[name="csrf-token"]')?.getAttribute('content');
const fetchWithCSRF = (url, options = {}) => {
options.headers = {
...options.headers,
'X-CSRFToken': csrfToken
};
return fetch(url, options);
};
(function () {
const shell = document.getElementById('momo-shell');
const toggle = document.querySelector('[data-momo-sidebar-toggle]');
const close = document.querySelector('[data-momo-sidebar-close]');
if (!shell || !toggle) return;
toggle.addEventListener('click', function () {
shell.classList.toggle('is-sidebar-open');
});
if (close) {
close.addEventListener('click', function () {
shell.classList.remove('is-sidebar-open');
});
}
})();
</script>
{% block extra_js %}{% endblock %}
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink