author | Meitar Moscovitz <meitarm@gmail.com> | 2009-02-16 15:45:18 +1100 |
---|---|---|
committer | Meitar Moscovitz <meitarm@gmail.com> | 2009-02-16 15:45:18 +1100 |
commit | 9d81cef5cc2a0a197a0223206ba3d9a687065886 (patch) | |
tree | 495ae2f2a15ab875f1515accf52cba01bcbe64f8 | |
parent | faf82eebfebf24c7a8aa62b517e15c0a1ad71954 (diff) |
Add framebusting JavaScript to help avoid clickjacking attacks.
-rw-r--r-- | lib/action.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/action.php b/lib/action.php index cd0db5399..48d5821a1 100644 --- a/lib/action.php +++ b/lib/action.php @@ -205,6 +205,9 @@ class Action extends HTMLOutputter // lawsuit $this->element('script', array('type' => 'text/javascript', 'src' => common_path('js/util.js?version='.LACONICA_VERSION)), ' '); + // Frame-busting code to avoid clickjacking attacks. + $this->element('script', array('type' => 'text/javascript'), + 'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }'); Event::handle('EndShowLaconicaScripts', array($this)); } Event::handle('EndShowScripts', array($this)); |
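Review bot: The inline frame-busting script added after the util.js include is the only anti-framing control in this change, and it does nothing when scripts do not run in the framed document (a sandboxed iframe on the embedding page, or JavaScript switched off), so the page still renders and stays clickable inside the frame. A browser-enforced response header is the sturdier control: where the page's headers are sent, add `header('X-Frame-Options: SAMEORIGIN');` (and `Content-Security-Policy: frame-ancestors 'self'` for current browsers), keeping the script only as a fallback for clients that ignore both. The script also appears to sit inside the block that closes just before the `EndShowScripts` call, so if that block is conditional on an event handler's return value the check could be skipped entirely. That is worth confirming, since the enclosing method starts outside the hunk.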