Add framebusting JavaScript to help avoid clickjacking attacks.
parent
faf82eebfe
commit
9d81cef5cc
@ -205,6 +205,9 @@ class Action extends HTMLOutputter // lawsuit
|
||||
$this->element('script', array('type' => 'text/javascript',
|
||||
'src' => common_path('js/util.js?version='.LACONICA_VERSION)),
|
||||
' ');
|
||||
// Frame-busting code to avoid clickjacking attacks.
|
||||
$this->element('script', array('type' => 'text/javascript'),
|
||||
'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
|
||||
Event::handle('EndShowLaconicaScripts', array($this));
|
||||
}
|
||||
Event::handle('EndShowScripts', array($this));
|
||||
|
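Review bot: The inline framebuster added after the `util.js` element is the only clickjacking defence in this change, and it does nothing when the script does not run in the framed page (scripting disabled, or the frame restricted by the embedding page). A browser-enforced response header is the sturdier control, e.g. `header('X-Frame-Options: SAMEORIGIN');` sent before any output, optionally alongside `Content-Security-Policy: frame-ancestors 'self'`; the script can stay as a fallback for older browsers. The new lines also appear to sit inside the conditional block that closes just before `EndShowScripts`, so a handler that suppresses that block would presumably drop the framebuster too, which is worth confirming. The enclosing method starts and ends outside the hunk.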