
ä»ãããªãã®ãµã€ãã§äŒŒããããªããŒãžã«åºäŒã£ãã°ãŒã°ã«ã¯ããã®äžã«ã©ããªçš®é¡ã®ã³ã³ãã³ããå ¬éãããŠãããããããŠãããæ¬è³ªçã«çŸããåæããæ¹æ³ãç¥ã£ãŠããŸãïŒèšäºã補åããããª..ïŒ
åæ§ã®æ©èœãå¿ èŠã§ããã ã¿ã¹ã¯ã¯åçŽã§ãã¯ã©ã€ã¢ã³ãåŽã®ã¿ã«èŠããŸããã ãã ããå®éã«ã¯ããœãªã¥ãŒã·ã§ã³ã¯ã¯ã©ã€ã¢ã³ãåŽãšãµãŒããŒåŽã®æ¥åéšã«ãããŸãïŒãã¯ãªãŒã³ãªãJSããã°ã©ããŒã¯ããŸããŸãªãããã·ãµãŒããŒã«ã€ããŠäœãç¥ãããçºå°äœã«è¿ã¥ãã®ã«éåžžã«é·ãæéããããå ŽåããããŸãïŒã åæã«ãæåããæåŸãŸã§ãã¹ãŠã®æè¡ã説æããèšäºãã€ã³ã¿ãŒãããäžã§èŠã€ããããŸããã§ããã ãŸãã BeLoveãŠãŒã¶ãŒãšã»ãã¥ãªãã£ããŒã ã®æ¯æŽã«æè¬ããŸãã
ãã®å ŽåããŠã§ããã¹ã¿ãŒãïŒããŠã¹ã®ã¯ãªãã¯ã§ïŒããŒãžäžã®ç¹å®ã®èŠçŽ ã®xPathå€ãç°¡åã«ååŸã§ããããã«ããããšæããŸãã
iframeãåããªãªãžã³ã
ãã®ããã管çããã«ã§ããŠãŒã¶ãŒã¯èªåã®ãµã€ãã®ããŒãžã®URLãå ¥åããå¿ èŠããããŸããiFrameã«è¡šç€ºããå¿ èŠã«å¿ããŠããŠã¹ãã€ã€ããŠãç®çã®xPathãååŸããŸãã ãã¹ãŠã¯åé¡ãããŸãããããã©ãŠã¶ã®ã»ãã¥ãªãã£ããªã·ãŒã«ããã管çããã«ïŒãã¡ã€ã³ïŒã®iframeã«èªã¿èŸŒãŸããå¥ã®ãã¡ã€ã³ããããŒãžã®ã³ã³ãã³ãã«ã¢ã¯ã»ã¹ããããšã¯ã§ããŸããã
CORS-ã¯ãã¹ãªãªãžã³ãªãœãŒã¹å ±æ
äœäººãã®äººã ã¯CORSã䜿çšããããã«ç§ã«å©èšããã ãã©ãŠã¶å ã®å¥ã®ãã¡ã€ã³ããã®ã³ã³ãã³ããžã®ã¢ã¯ã»ã¹ã«é¢ããå€ãã®åé¡ã解決ããåãçæå ããªã·ãŒã®å¶éãåé¿ã§ãããã¡ãã·ã§ããã«ãªãã¯ãããžãŒã
å€éšãã¡ã€ã³ã®ããŒãžã®ã³ã³ãã³ããžã®ã¢ã¯ã»ã¹ãèš±å¯ãããµã€ãã¯ãhttpããããŒã«åçŽã«æžã蟌ã¿ãŸãã
Access-Control-Allow-Origin: http://example.com
ãŸãããã©ãŠã¶ã®å¥ã®ãã¡ã€ã³ã®ããŒãžããéä¿¡ããããªã¯ãšã¹ãã®httpããããŒã«ã¯ãçºä¿¡å ãã£ãŒã«ããå¿ èŠã§ãã
Origin: www.mysupersite.com
ãã©ãŠã¶ããªã¯ãšã¹ãèªäœã«çºä¿¡å ãã£ãŒã«ããè¿œå ããããšã¯æããã§ãã Habréã«é¢ããèšäºãè¿œå ããææ°ã®ãã©ãŠã¶ãåããã¡ã€ã³ã®ãªã¯ãšã¹ãã«ãOriginãè¿œå ããããšã確èªããŸãã

ãã ãïŒ
- ãã©ãŠã¶ã¯ ãiframeã«èªã¿èŸŒãŸããããŒãžã®ãªã¯ãšã¹ãããããŒã«ãªãªãžã³ãé 眮ããŸãã ïŒçç±ã¯èª°ã«ã説æã§ããŸããïŒïŒ
- ãŠã§ããã¹ã¿ãŒã«Access-Control-Allow-OriginããããŒã®æžã蟌ã¿ãäŸé Œããããªã
iframeãµã³ãããã¯ã¹
å¥ã®ãã¬ã³ãã£ãªæè¡ã ãµã³ãããã¯ã¹ã¯ãIframeã¿ã°ã®å±æ§ã§ãã å€allow-same-originããã®å±æ§ã®å€ã®1ã€ãšããŠèšå®ã§ããŸãã ãã®ãããã¯ãæãå§ããåã«ããã®å±æ§ãäœãããŠããã®ãæ£ç¢ºã«ã¯ç¥ããŸããã§ããããéåžžã«é åçã§ããã ãã ããsandboxå±æ§ã¯ãiframeã«èªã¿èŸŒãŸããããŒãžã§å®è¡ã§ããããšãå¶éããã ãã§ã芪ããã¥ã¡ã³ããããã¬ãŒã ã®ã³ã³ãã³ãã«ã¢ã¯ã»ã¹ããåé¡ãšã¯é¢ä¿ãããŸããã
å ·äœçã«ã¯ãå€allow-same-origin ïŒãŸãã¯ãã®äžåšïŒã¯ãiframeã¯åžžã«ä»ã®èª°ãã®ãã¡ã€ã³ããããŠã³ããŒãããããšèŠãªãããããšã瀺ããŠããŸãïŒããšãã°ããã®ãããªãã¬ãŒã ãã芪ããã¥ã¡ã³ãã®ãã¡ã€ã³ã«AJAXãªã¯ãšã¹ããéä¿¡ããããšã¯ã§ããŸããïŒ
Googleã§ã©ã®ããã«è¡ããããèŠãŠã¿ãŸããã
å 貎ãããããšã®æéãæã

iframeèŠçŽ ã®srcå±æ§ã«æ³šæããŠãã ããïŒ
src="https://wmthighlighter.googleusercontent.com/webmasters/data-highlighter/RenderFrame/007....."
-Googleãã¡ã€ã³ãã管çããã«ã«ããŒãžãèªã¿èŸŒãŸããŸãã ããã«æ·±å»ãªã®ã¯ããœãŒã¹ããã¥ã¡ã³ãå ã®ã¹ã¯ãªãããåçã§ããããããã·ãä»ããŠå®è¡ãããããšã§ãã ãã¹ãŠã®srcãhref ...ã¯ãhtmlã§ãããã·ããããã®ã«çœ®ãæããããŸãã ãã®ãããªãã®ïŒ


ããŒãžã䜿çšãããã¹ãŠã®ãªãœãŒã¹ã¯ãGoogleãããã·ã«ãä¿åãããŸãã Googleãããã·ãµãŒããŒäžã®ããŽã®äŸã次ã«ç€ºããŸã ã
CGIProxyïŒ
åãããšãè¡ãã«ã¯ã CGIProxyã®ãããªæ¬æ Œçãªãããã·ãäœæããå¿ èŠãããããã«æããŸãã ã ãã®ãããã·ãµãŒããŒã¯ãGoogleã®wmthighlighter.googleusercontent.comãšã»ãŒåãããšãè¡ããŸãã
ã¹ã¯ãªããã®URLã«ã¢ã¯ã»ã¹ããŠããã©ãŠãžã³ã°ã»ãã·ã§ã³ãéå§ããŸãã ãããã·çµç±ã§ããŒãžãååŸãããšããªã³ã¯å ã®ãã¹ãŠãèªåçã«ãããã·ãçµç±ããŸãã é²èŠ§ããããŒãžãããã¯ããŒã¯ããããšãã§ããããã¯ããŒã¯ã¯æåã«è¡ã£ãããã«ãããã·ãééããŸãã
ããªãã®ãããã·ïŒ
ãã ããã¿ã¹ã¯ãçµã蟌ããšãåçŽãªãããã·ãäœæããæ¹ãç°¡åã§ãã å®éã«ã¯ãGoogleããã®æ¹æ³ã§è¡ãããããã¹ãŠã®ããŒãžã³ã³ãã³ãããããã·çµç±ã§å®è¡ããããšã¯å®å šã«ãªãã·ã§ã³ã§ãã ãã¡ã€ã³ã®HTMLãæäŸããã ãã§ãå ã®ãã¡ã€ã³ãããªãœãŒã¹ãããŒãã§ããŸãã ãããŸã§ã«åé€ããHttpsã
ã¹ãŒããŒããã©ãŒãã³ã¹ãèšå®ã®å©äŸ¿æ§ã®ç®æšã¯ããã ãã®äŸ¡å€ã¯ãããŸãããnode.jsããphpãŸã§ãäœã§ããã°ããå®è¡ã§ããŸãã Javaã§ãµãŒãã¬ãããäœæããŸããã
ããŠã³ããŒãããŒãž
ãããã·ãµãŒãã¬ããã¯äœããã¹ãã§ããïŒ getãã©ã¡ãŒã¿ãŒã䜿çšããŠãããŒãããããŒãžã®URLãååŸããããŒãžãããŠã³ããŒãããŸãã
å¿ ãããŒãžã®ãšã³ã³ãŒãã£ã³ã°ã決å®ããŠãã ããïŒhttpå¿çãŸãã¯htmlã®æåã»ããã䜿çšïŒ-ãããã·ã¯ãããŒãããããŒãžãšåããšã³ã³ãŒãã£ã³ã°ã§å¿çããå¿ èŠããããŸãã ãŸãã念ã®ããã«Content-Typeãå®çŸ©ããŸãããããã¹ã/ htmlã§ããŒãžãååŸããåãæ¹æ³ã§æäŸããããšã¯æããã§ãã
final String url = request.getParameter("url"); final HttpGet requestApache = new HttpGet(url); final HttpClient httpClient = new DefaultHttpClient(); final HttpResponse responseApache = httpClient.execute(requestApache); final HttpEntity entity = responseApache.getEntity(); final String encoding = EntityUtils.getContentCharSet( entity ); final String mime = EntityUtils.getContentMimeType(entity); String responseText = IOUtils.toString(entity.getContent(), encoding);
*ä»ã®èª°ãã®ã³ãŒããè©äŸ¡ããã人ã®ããã«ïŒç§ãã¡ã®ããŒã ã§ã¯èª°ããåãeclicpseã³ãŒãã®æžåŒèšå®ãæã¡ããã¡ã€ã«ãä¿åãããšããä»ã®å Žæã§å€æŽããªãå ŽåãEclipseã¯ãã¹ãŠã®æçµå€æ°ã«è¿œå ããŸãã çµå±ã®ãšãããããã¯éåžžã«äŸ¿å©ã§ãã
ããŒãžã³ãŒãã§çžå¯ŸURLã絶察URLã«å€æŽãã
ããŒãžå ã®srcããã³hrefïŒã¹ã¿ã€ã«ãã¡ã€ã«ãç»åã®ãã¹ïŒã䜿çšããŠãã¹ãŠã®å±æ§ã調ã¹ãçžå¯ŸURLã絶察URLã«çœ®ãæããå¿ èŠããããŸãã ããããªããšãããŒãžã¯ãããã·ã®ããã€ãã®ãã©ã«ããŒããç»åãããŠã³ããŒãããããšããŸãããããã¯èªç¶ã«ã¯æã£ãŠããŸããã ã©ã®èšèªã«ãæ¢è£œã®ã¯ã©ã¹ããããŸãããŸãã¯ãstackoverflowã§ãã®ã±ãŒã¹ã®ã³ãŒãã¹ãããããèŠã€ããããšãã§ããŸãã
final URI uri = new URI(url); final String host = uri.getHost(); responseText = replaceRelativeLinks(host,responseText);
htmlãéä¿¡ããŸã
ããã§ããããã·ãµãŒãã¬ããã®æºåãã§ããŸããã ç®çã®ãšã³ã³ãŒãã£ã³ã°ãšMIMEãèšå®ããŠãåçãéä¿¡ããŸãã
protected void sendResponse(HttpServletResponse response, String responseText, String encoding, String mime) throws ServletException, IOException { response.setContentType(mime); response.setCharacterEncoding(encoding); response.setStatus(HttpServletResponse.SC_OK); response.getWriter().print(responseText ); response.flushBuffer(); }
å±éãšãã¹ã
adminpanel.indexisto.com adminãšåãã¢ãã¬ã¹ã«ãããã·ãµãŒãã¬ããããããã€ãããããã·ãä»ããŠãŠã§ããã¹ã¿ãŒã®ãŠã§ããµã€ãããŒãžãiframeã«ããŒããããšãã¯ãã¹ãã¡ã€ã³ã®åé¡ããã¹ãŠãªããªããŸãã
ç§ãã¡ã®ãããã·ã¯
http://adminpanel.indexisto.com/highlighter?url=http://habrahabr.ru
-ããã¯ãhabrããã¡ã€ã³ããèµ·åããæ¹æ³ã§ãã iframeã§ãã®ã¢ãã¬ã¹ãæå®ãã管çããã«ã®JSãä»ããŠHOM DOMããªãŒã«ã¢ã¯ã»ã¹ããããšããŸã-ãã¹ãŠãæ©èœããŸãã Cookieãæããªããããã·ããããŒãžãèªã¿èŸŒãŸãããããCSRFã¯åœç¶æ©èœããŸããã
SSRFã®åé¡
ã¢ãã¬ã¹ãlocalhostããæã€ãµã€ããiframeã«ããŒãããŸã-ãã£ãšããããnginxã®éå§ããŒãžã§ãã ãããã·ãµãŒããŒãšåããããã¯ãŒã¯äžã§å éšïŒå€éšããã¯èŠããªãïŒãªãœãŒã¹ãè©ŠããŠã¿ãŸãããã ããšãã°ãsecured_crm.indexisto.com-ãã¹ãŠãæŽã£ãŠããŸãã
ãã¡ããããããã·ã§ãããã®ããšãçŠæ¢ããããšããŸãã誰ããããŒã«ã«ãã¹ãããããã·ããããšããå Žåãäœãè¿ããã«çµäºããŸãïŒ
if (url.contains("localhost")||url.contains("127")||url.contains("highlighter")||url.contains("file")) { LOG.debug("Trying to get local resource. Url = " + url); return; }
ãã ãããã¹ãŠã®ãããã¯ãŒã¯ãªãœãŒã¹ãããã«ãªã¹ãããããã§ã¯ãããŸããã ãã®ããããã·ã³ãã€ã³ã¿ãŒããããããèªäœãããã³ãããã·ä»¥å€ãèªèããªãããã«ããããã·ãå®å šã«éé¢ãããç°å¢ã«ç§»åããå¿ èŠããããŸãã è»ãéžæããããã§ãµãŒãã¬ãããæ§æããŠèµ·åããŸãã
XSSã®åé¡
ç§ãã¡ãæžããããŒãžãiframeã«ããŒãããŸãïŒ
<script>alert('xss')</script>
ã¢ã©ãŒãããããã¢ããããŸãã æ²ããã§ã ãã®iframeå±æ§sandbox allow-scriptsãåé¿ã§ããŸããããã®å±æ§ãå®éã«ç解ããŠããªãå€ããã©ãŠã¶ãŒã«ã€ããŠã¯ã©ãã§ããããïŒ Cookieãçãããšã¯ã§ããŸããããšã«ãããã®ãŸãŸã«ããããšã¯ã§ããŸããã
å¥ã®ãã·ã³ã§ãµãŒãã¬ãããåãåºãã ãã§ãªããå¥ã®ãµããã¡ã€ã³highlighter.indexisto.comã«ããŸã ã
å°çããã¯ãã¹ãã¡ã€ã³ã®å¶éããã€ãã¹ããŠãç¬èªã®ãœãªã¥ãŒã·ã§ã³ãç ŽããŸããã ããã§ãiframeã³ã³ãã³ãã«åã³ã¢ã¯ã»ã¹ã§ããªããªããŸããã
èå³æ·±ãèãã
Googleããã®è§£æ±ºçãç¶ç¶ããå¥ã®ãŠã£ã³ããŠã§ãããã·ãä»ããŠæäŸãããããŒãžãéããŸãã

ã³ã³ãœãŒã«ã§å¥åŠãªãšã©ãŒã«æ°ã¥ããŸããã
CrossPageChannel: Can't connect, peer window-object not set.
çµç¹åãããæ¹æ³ã§ã®ãã¹ãŠãããã¡ã€ã³ããiframeã«ããŒãžãããŒããããããè€éã§ããããšãæããã«ãªããŸããã ããŒãžã¯äºãã«éä¿¡ããŸãã ãããã£ãŠã window.postMessageã«åãã£ãŠé²ã¿ãŸãã
ã¡ãã»ãŒãžãæçš¿ãã
ããŠã¹ã§ããŒãžèŠçŽ ãéžæãããŠããããšã確èªããããã«ãŠã§ããã¹ã¿ãŒã«ã¹ã¯ãªãããããŒãžã«æ¿å ¥ããããããã®èŠçŽ ã®xPathãpostMessageãä»ããŠèŠªããã¥ã¡ã³ãã§éä¿¡ããããšã¯äººéçã§ã¯ãããŸããã§ãã ã ãã ãããããã·ãiFrameã«èªã¿èŸŒãŸããããŒãžã«ã¹ã¯ãªãããæ¿å ¥ããã®ãæ¢ãã人ã¯ããŸããã
å®è£ ã«å¿ èŠãªãã¹ãŠã®ã¹ã¯ãªããã¯ãã¡ã€ã«ã«ä¿åãããçµäºããã£ã®åã«æ¿å ¥ãããŸãïŒ
final int positionToInsert = responseText.indexOf("</body>"); final InputStream inputStream = getServletContext().getResourceAsStream("/WEB-INF/inject.js"); final StringWriter writer = new StringWriter(); IOUtils.copy(inputStream, writer); final String jsToInsert = writer.toString(); responseText = responseText.substring(0, positionToInsert) + jsToInsert + responseText.substring(positionToInsert, responseText.length());
èŠåã®å ŽåãèŠåãæ¿å ¥ããŸã-ãã¹ãŠãæ©èœããŸãã
JSããŒã-è ã®äžã®å®¶ã®èŠçŽ ã匷調衚瀺ããxpathãååŸããŸã
ããŠããŠã§ããã¹ã¿ãŒã®ããŒãžã«æ¿å ¥ããJSã«é²ã¿ãŸãã
人ãããŠã¹ãåããdomèŠçŽ ã匷調衚瀺ããå¿ èŠããããŸãã èŠçŽ ã¯ç§»åãããããŒãžå šäœããžã£ã³ããããããã·ã£ããŠã§ãããè¡ãããšããå§ãããŸãã ç§ãã¡ã¯äœã«ããŠã¹ãªãŒããŒãæããã¿ãŒã²ããã€ãã³ãã調ã¹ãŸãã åããã³ãã©ãŒã§ãèŠçŽ ã®xpathãèšç®ããŸãã ã¯ãªãã¯æã«xPathèŠçŽ ãèšç®ããããšããå§ãããŸããããã®ãããªå®è£ ã§ã¯ãã¬ãŒãã«æ°ä»ããŸããã§ããã
elmFrame.contentWindow.document.body.onmouseover= function(ev){ ev.target.style.boxShadow = "0px 0px 5px red"; curXpath = getXPathFromElement(ev.target); }
ããã§ã¯ãDOMèŠçŽ ã®xPathãååŸããããã®å®è£ ãæäŸããŸããã ãããè¡ãæ¹æ³ã«é¢ããå€ãã®ã¹ããããããããŸãã ãããã®ã¹ããããã¯ã¿ã¹ã¯ã«åãããŠå€æŽã§ããŸããããšãã°ãxpathã«ã¯ã¿ã°ã®ã¿ãå¿ èŠã§ãã ãŸãã¯ãidãå¿ èŠãªå Žåã¯idãå¿ èŠã§ããidããªãå Žåã¯ã¯ã©ã¹ãå¿ èŠã§ãã誰ããç¬èªã®èŠä»¶ãæã£ãŠããŸãã
次ã«ãã¹ã¯ãªãããåã蟌ãŸããHabrã®ãããã³ã°ãããã¡ã€ã³ããŒãžã®äŸã瀺ããŸãã
http://highlighter.indexisto.com/?md5=6ec7rdHxUfRkrFy55jrJQA==&url=http%3A%2F%2Fhabrahabr.ru&expires=1390468360
JSããŒã-ã¯ãªãã¯åŠç
ãŠãŒã¶ãŒãiframeå ã®ããŒãžãã¯ãªãã¯ãããšããã«ãæ¶æ» ãããŸãïŒiframeå ã®ãªã³ã¯ãã¯ãªãã¯ããããšã¯ãããŸããïŒã ãŸããåä¿¡ããxPathã®æååã芪ãŠã£ã³ããŠã«éä¿¡ããŸãïŒããŠã¹ãèŠçŽ ã®äžã«çœ®ããŠé転ãã段éã§ãä¿åããŸããïŒ
document.body.onclick = function(ev){ window.parent.postMessage( curXpath, "*"); ev.preventDefault(); ev.stopPropagation(); }
å©çïŒ
ããã§ãã¹ãŠã§ãã管çããã«ã§ã¯ããŠã§ããã¹ã¿ãŒãããŒãžäžã®èŠçŽ ãžã®xpathãã¹ããã°ããç°¡åã«ååŸã§ããããã«ãªããŸããã

ã»ãã¥ãªãã£æ©èœãè¿œå ãã
ããŠããã¹ãŠãç§ãã¡ã®ããã«åããããç§ãã¡ã®ãããã·ãå®å šã«å®å šã§ãªãäžçãèŠãŠãããšããäºå®ãšã®ãã€ã³ãããããŸãã 誰ã§ãäœã§ã宣èšã§ããŸãã
nginxããããã·ã®åã«çœ®ããããŒã80ããªãã¹ã³ããå¥ã®ããŒããžã®ãããã·ãåé€ããŸãã 80ãé€ãä»ã®ãã¹ãŠã®ããŒãã¯ãå€çããééãããŠããŸãã
ããã§ã管çããã«ããã®ã¿ãããã·ãæ©èœãããŸãããã Webãã¹ã¿ãŒãèªåã®ãµã€ãã®URLãå ¥åããç¬éããµãŒããŒã«ãã°ããå®è¡ãããçŸåšã®TimeStamp + 1æéããURLèªäœãšã¹ãŒããŒã·ãŒã¯ã¬ããããmd5ããã·ã¥ãçæãããŸãã
final String md5Me = timeStampExpires + urlEncoded + "SUPERSECRET"; final MessageDigest md = MessageDigest.getInstance("MD5"); md.reset(); md.update(md5Me.getBytes("UTF-8")); String code = Base64.encodeBase64String(md.digest()); code = code.replaceAll("/", "_"); code = code.replaceAll("\\+","-");
ãŸããã³ãŒãã§ã¯éåžžã®16é²æ°ãšã¯ç°ãªãmd5è¡ãååŸããŸãããbase64ãšã³ã³ãŒãã£ã³ã°ã§ã¯ãçµæã®md5ã§ãã¹ã©ãã·ã¥ãšãã©ã¹èšå·ã«ã¢ã³ããŒã¹ã³ã¢ãšããã·ã¥ã䜿çšããå¥åŠãªçœ®æãè¡ããŸãã
å®éãngnixã¯base64ãã¡ã€ã«åã»ãŒãã¢ã«ãã¡ãããtools.ietf.org/html/rfc3548#page-6ã䜿çšããŠãã
ãŸããJavaã¯æšæºã®base64ãæäŸããŸãã
管çããã«ã®ã»ãã¥ãªãã£md5ã䜿çšããŠãµãŒããŒããå¿çãåä¿¡ããåŸã次ã®URLãiframeã«ããŒãããããšããŠããŸãã
highlighter.indexisto.com/?md5=Dr4u2Yeb3NrBQLgyDAFrHg==&url=http%3A%2F%2Fhabrahabr.ru&expires=1389791582
nginxã¢ãžã¥ãŒã«HttpSecureLinkModuleãæ§æããŸãã ãã®ã¢ãžã¥ãŒã«ã¯ãããã«æ¥ããã¹ãŠã®ãã©ã¡ãŒã¿ãŒã®md5ããã§ãã¯ãïŒadminãµãŒãã¬ãããšåãç§å¯ããŒãã¢ãžã¥ãŒã«ã«ç»é²ãããŠããŸãïŒããªã³ã¯ãåé€ããããã©ããããã§ãã¯ãããã®å Žåã®ã¿ãªã¯ãšã¹ãããããã·ãµãŒãã¬ããã«è»¢éããŸãã
ããã§èª°ã管çé åå€ãããããã·ã䜿çšã§ããªããªãããŸãã©ããã«ãµãŒããŒã«ãããã·ãããç»åãæ¿å ¥ããããšãã§ããªããªããŸã-ãšã«ãã1æéã§æ»ã«ãŸãã
ããã¯ãã¹ãŠã®äººã ã§ãïŒ
Googleã¯åœç¶ãããŒã«ãŒããŒã«ã䜿çšããŠããã«å€§ããåé²ããŸããã ããŒãžäžã®èŠçŽ ãæ確ã«èå¥ããã«ã¯ãåãã¿ã€ãã®è€æ°ã®ããŒãžã§åãèŠçŽ ïŒèšäºã®ã¿ã€ãã«ãªã©ïŒãããŒã¯ããå¿ èŠããããŸããããã«ãããxpathãããæ£ç¢ºã«æ§ç¯ããæããã«1ããŒãžã®ã¿ã§æ©èœãããpost-2334ãã®ç°ãªãidã¿ã€ããããããã§ããŸãã 管çããã«ã§ã¯ã蚱容ã§ããçµæãåŸãããã«xpathãæã§ä¿®æ£ããå¿ èŠããããŸã