Add framebusting JavaScript to help avoid clickjacking attacks.

Meitar Moscovitz 2009-02-16 15:45:18 +11:00
parent faf82eebfe
commit 9d81cef5cc


@ -205,6 +205,9 @@ class Action extends HTMLOutputter // lawsuit
$this->element('script', array('type' => 'text/javascript', $this->element('script', array('type' => 'text/javascript',
'src' => common_path('js/util.js?version='.LACONICA_VERSION)), 'src' => common_path('js/util.js?version='.LACONICA_VERSION)),
' '); ' ');
// Frame-busting code to avoid clickjacking attacks.
$this->element('script', array('type' => 'text/javascript'),
'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
Event::handle('EndShowLaconicaScripts', array($this)); Event::handle('EndShowLaconicaScripts', array($this));
} }
Event::handle('EndShowScripts', array($this)); Event::handle('EndShowScripts', array($this));
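Review bot: The inline check added after the `util.js` element is the only framing defence visible here, and a script-only framebuster fails open whenever the embedding page keeps it from running or from navigating the top window (a sandboxed iframe, or scripting disabled). It should be backed by a response header sent with the page, e.g. `header('X-Frame-Options: SAMEORIGIN');` (or a CSP `frame-ancestors 'self'` directive), which the browser enforces without relying on page script. The new element also sits inside the block that closes just after `EndShowLaconicaScripts`, so it is presumably skipped whenever that block is not entered; emitting it outside that block would keep the check unconditional. The enclosing method starts and ends outside the hunk, so the exact condition cannot be confirmed from here.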