eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Using inlineScript instead for clickjacking check

Browse Source
This commit is contained in:
Sarven Capadisli
2010-02-19 13:13:05 +01:00
parent b03c7a383f
commit 8d59f7cc9d
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/action.php
View File

@@ -259,8 +259,7 @@ class Action extends HTMLOutputter // lawsuit
$this->script('util.js');
$this->script('geometa.js');
// Frame-busting code to avoid clickjacking attacks.
$this->element('script', array('type' => 'text/javascript'),
'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
$this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
Event::handle('EndShowStatusNetScripts', array($this));
Event::handle('EndShowLaconicaScripts', array($this));
}