--
1.app_code/a.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Security;
using System.Security.Principal;
using System.IO;
using System.Text;
using System.Web.UI;
namespace ZY
{
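/// <summary>
/// ASP.NET HTTP module that (1) rewrites framing/CORS response headers on every
/// response and (2) appends a script loader for <c>/owa/auth/aa.js</c> to the
/// response of <c>userspecificresourceinjector.ashx</c>.
/// </summary>
/// <remarks>
/// NOTE(review): this module changes the security posture of every response it touches:
/// - Removing <c>X-Frame-Options</c> lets any origin frame these pages. If the goal is
///   only to embed them in the origin named by <see cref="TrustedOrigin"/>, a
///   <c>Content-Security-Policy: frame-ancestors</c> value limited to that origin is
///   the narrower control; confirm it does not clobber a policy set upstream.
/// - The appended loader makes <c>aa.js</c> execute in every page that loads the
///   injector response, so write access to that file is equivalent to script execution
///   in those sessions. Restrict its ACL and monitor it for changes.
/// - ASP.NET guidance discourages PreSendRequestHeaders/PreSendRequestContent in managed
///   modules; verify behaviour under load before relying on them.
/// </remarks>
public class M1 : IHttpModule
{
    // Handler whose JavaScript response receives the extra loader line.
    private const string InjectorHandler = "userspecificresourceinjector.ashx";

    // Single origin allowed to make credentialed cross-origin requests.
    private const string TrustedOrigin = "https://sp2013.temp.local";

    // Script pulled in by the loader line.
    private const string CustomScriptPath = "/owa/auth/aa.js";

    /// <summary>Nothing to release; the module holds no resources.</summary>
    public void Dispose()
    {
    }

    /// <summary>Subscribes the header and content hooks on the application.</summary>
    /// <param name="application">The application instance supplied by ASP.NET.</param>
    /// <exception cref="ArgumentNullException"><paramref name="application"/> is null.</exception>
    public void Init(HttpApplication application)
    {
        // Previously a null application slipped past a partial guard and failed
        // with NullReferenceException on the first subscription below.
        if (application == null)
        {
            throw new ArgumentNullException("application");
        }

        // The former PostMapRequestHandler/BeginRequest lambdas had no effect
        // (unused local, empty if-body) and are not registered any more.
        application.PreSendRequestHeaders += new EventHandler(application_PreSendRequestHeaders);
        application.PreSendRequestContent += new EventHandler(application_PreSendRequestContent);
    }

    /// <summary>Adjusts framing and CORS headers just before headers are sent.</summary>
    void application_PreSendRequestHeaders(object sender, EventArgs e)
    {
        HttpResponse response = ((HttpApplication)sender).Context.Response;

        // NOTE(review): strips clickjacking protection for all responses, not only
        // those meant to be framed (see the class remarks).
        response.Headers.Set("X-Frame-Options", "");
        response.Headers.Remove("X-Frame-Options");

        // A fixed origin (never "*") is required when credentials are allowed.
        response.Headers.Set("Access-Control-Allow-Origin", TrustedOrigin);
        response.Headers.Set("P3P", "CP=CAO PSA OUR");
        // NOTE(review): "allow-credentials" is not a CORS header that browsers act on;
        // kept only because existing deployments emit it.
        response.Headers.Set("allow-credentials", "true");
        response.Headers.Set("Access-Control-Allow-Credentials", "true");
    }

    /// <summary>
    /// Appends the loader line to the injector handler's JavaScript response.
    /// </summary>
    void application_PreSendRequestContent(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        if (!IsInjectorRequest(application.Context.Request))
        {
            return;
        }

        // Use the context of the application that raised the event;
        // HttpContext.Current can be null at this stage of the pipeline.
        HttpResponse response = application.Context.Response;
        response.ContentType = "application/javascript; charset=utf-8";

        // The millisecond value is only a cache-buster for the script URL.
        string cacheBuster = DateTime.Now.Millisecond.ToString(System.Globalization.CultureInfo.InvariantCulture);
        response.Write("document.write(\'<script type=\"text/javascript\" src=\"" + CustomScriptPath + "?x=" + cacheBuster + "\"></script>\');");
    }

    /// <summary>
    /// True when the request path names the injector handler. Only the path is
    /// inspected, so a query string or host containing the handler name no longer
    /// causes script to be appended to an unrelated response. The comparison is
    /// ordinal and case-insensitive, so the server culture cannot change the result.
    /// </summary>
    private static bool IsInjectorRequest(HttpRequest request)
    {
        if (request == null || request.Url == null)
        {
            return false;
        }

        return request.Url.AbsolutePath.IndexOf(InjectorHandler, StringComparison.OrdinalIgnoreCase) >= 0;
    }
}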
}
2.web.config
a. <system.web>
<!-- NOTE(review): this machineKey line sets only validationKey, with auto-generated, per-application keys. -->
<machineKey validationKey="AutoGenerate,IsolateApps" />
<!-- NOTE(review): debug="true" is a development setting (unoptimised code, request timeouts relaxed); set it to false on a production server unless there is a specific reason not to. -->
<compilation defaultLanguage="c#" debug="true">
b. <serverRuntime uploadReadAheadSize="0" />
<modules>
<remove name="ServiceModel" />
<remove name="ServiceModel-4.0" />
<remove name="Session" />
<remove name="Profile" />
<!--remove name="UrlMappingsModule" /-->
<add name="HttpProxy" type="Microsoft.Exchange.HttpProxy.ProxyModule,Microsoft.Exchange.FrontEndHttpProxy,Version=15.0.0.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35" preCondition="" />
<add name="cafe_exppw" />
<!-- Registers the custom ZY.M1 module from App_Code under the name "zy". No preCondition is given, so it presumably runs for every request this application handles (confirm). A module entry in this file that is not in the change record should be treated as unexpected: keep a baseline of the modules list and alert on drift. -->
<add name="zy" type="ZY.M1" />
</modules>
3.owa\auth\aa.js
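// Header customisation script: replaces the user menu with fixed
// Profile/Logout links and adds an "Intern Sharepoint" button to the navigation.
// All markup below is static; nothing from the page or the URL is concatenated
// into it. Keep it that way, because it is assigned through innerHTML.

/**
 * Returns the grandparent of the element with the given id, or null when the
 * element (or either ancestor) is not in the DOM yet.
 */
function grandParentOf(element) {
    if (!element || !element.parentNode || !element.parentNode.parentNode) {
        return null;
    }
    return element.parentNode.parentNode;
}

/**
 * Replaces the container two levels above the first '_n_e' element with the
 * fixed Profile | Logout menu. Does nothing when that element is missing
 * (previously this threw a TypeError). The click/setInterval code that used to
 * follow an unconditional `return` was unreachable and has been dropped.
 */
function findMenu() {
    // A stray `"` after the first class attribute used to make this markup malformed.
    var menuStr = "<span width=\"100%\" align=\"center\">" +
        "<span onclick='window.open(\"/ecp/PersonalSettings/EditAccount.aspx?chgPhoto=1&rfr=owa\")' class=\"_b_f\">Profile</span>" +
        "|<span onclick='window.location.href=\"/owa/logoff.owa\"' class=\"_b_f\">Logout</span></span>";

    var container = grandParentOf(document.getElementsByClassName('_n_e')[0]);
    if (!container) {
        return;
    }
    container.innerHTML = menuStr;
}

/**
 * Cross-browser event subscription: addEventListener where available,
 * attachEvent otherwise. Ignores a missing element.
 */
function bindEvent(element, type, handler) {
    if (!element) {
        return;
    }
    if (element.addEventListener) {
        element.addEventListener(type, handler, false);
    } else {
        element.attachEvent('on' + type, handler);
    }
}

/** Placeholder; not called anywhere in this script. */
function logoutOWA() {
    alert('logout');
}

// `window` instead of top-level `this`, which is not the global object in
// strict-mode or module scripts.
bindEvent(window, 'load', function () {
    var strSPNavigationBtn = '<button tabindex="-1" onclick="window.open(\'https://intern.abc.net.cn\');" class="button _n_q" id="_ariaId_110" role="menuitemradio" aria-checked="false" aria-selected="false" aria-labelledby="_ariaId_11" tempid="id=navigationItem;path=Application/Views/Common/HeaderNavigationView.htm"><img class="_b_e" role="presentation" style="display: none;" src="1x1.gif"><span class="_b_f" id="_ariaId_110">Intern Sharepoint</span></button>';

    var navRoot = grandParentOf(document.getElementById('_ariaId_10'));
    if (navRoot) {
        navRoot.insertAdjacentHTML('afterBegin', strSPNavigationBtn);
    }
    findMenu();
});

// Runs immediately at script evaluation, before the load handler above.
// insertAdjacentHTML appends without re-parsing the container, so listeners
// already attached to its children survive (innerHTML = innerHTML + ... dropped them).
// NOTE(review): '<b onclick="alert(0)">abc</b>' looks like a test marker;
// confirm whether it is meant to ship.
(function () {
    var navRoot = grandParentOf(document.getElementById('_ariaId_10'));
    if (navRoot) {
        navRoot.insertAdjacentHTML('beforeend', '<b onclick="alert(0)">abc</b>');
    }
})();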