GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Using inlineScript instead for clickjacking check

Browse Source
This commit is contained in:
Sarven Capadisli 2010-02-19 13:13:05 +01:00
parent b03c7a383f
commit 8d59f7cc9d
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/action.php
View File

@ -259,8 +259,7 @@ class Action extends HTMLOutputter // lawsuit
$this->script('util.js'); $this->script('util.js');
$this->script('geometa.js'); $this->script('geometa.js');
// Frame-busting code to avoid clickjacking attacks. // Frame-busting code to avoid clickjacking attacks.
$this->element('script', array('type' => 'text/javascript'), $this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
Event::handle('EndShowStatusNetScripts', array($this)); Event::handle('EndShowStatusNetScripts', array($this));
Event::handle('EndShowLaconicaScripts', array($this)); Event::handle('EndShowLaconicaScripts', array($this));
} }