wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add framebusting JavaScript to help avoid clickjacking attacks.

Browse Source
This commit is contained in:
Meitar Moscovitz 2009-02-16 15:45:18 +11:00
parent faf82eebfe
commit 9d81cef5cc
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/action.php
View File

@ -205,6 +205,9 @@ class Action extends HTMLOutputter // lawsuit
$this->element('script', array('type' => 'text/javascript', $this->element('script', array('type' => 'text/javascript',
'src' => common_path('js/util.js?version='.LACONICA_VERSION)), 'src' => common_path('js/util.js?version='.LACONICA_VERSION)),
' '); ' ');
// Frame-busting code to avoid clickjacking attacks.
$this->element('script', array('type' => 'text/javascript'),
'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
Event::handle('EndShowLaconicaScripts', array($this)); Event::handle('EndShowLaconicaScripts', array($this));
} }
Event::handle('EndShowScripts', array($this)); Event::handle('EndShowScripts', array($this));