我最近收到了一封电子邮件,其中包含以下内容(请勿点击!):
<A HrEf="/@/0X0a290d92b/UALI=28389-UI=176738575-OI=279-ONI=5477-SI=0-CI=0-BI=577-II=27913-IDSP=1-KLEM=11-TIE=A-IDE=276135-MID=572-FID=0-DIOM=0" sTyLe=color:#000;font-size:10px;font-family:arial;>
<span>UNS</span></a>
这是原始电子邮件的链接:https://gist.github.com/anonymous/16963a230cab0a3a1bcfc81209f297f1
据我所知,
/@不是有效的网址。我的浏览器如何将其解析为网站?
最佳答案
它会将@之前的所有内容都视为传递给URL的身份验证信息。 “真实”网址以@开头,@是vsminkov提到的编码IP地址。因此,前面的正斜杠将被丢弃。
易于阅读的示例:http://username:password@example.com/
只是层层的混淆。
这是一个有趣的链接,详细介绍了该链接:
http://www.pc-help.org/obscure.htm
这是RFC 2396,描述了网址的这一部分:
URL schemes that involve the direct use of an IP-based protocol to a specified server on the Internet use a common syntax for the server component of the URI's scheme-specific data:
<userinfo>@<host>:<port>where may consist of a user name and, optionally, scheme- specific information about how to gain authorization to access the server. The parts "@" and ":" may be omitted.
server = [ [ userinfo "@" ] hostport ]The user information, if present, is followed by a commercial at-sign "@".
userinfo = *( unreserved | escaped | ";" | ":" | "&" | "=" | "+" | "$" | "," )
关于email - 如何解决垃圾邮件中的/@网址?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36657576/