diff options
| author | Zach Copley <zach@controlyourself.ca> | 2009-02-18 15:41:02 -0800 |
|---|---|---|
| committer | Zach Copley <zach@controlyourself.ca> | 2009-02-18 15:41:02 -0800 |
| commit | 33c8a8ed92c0fbbab0f042b666ebd5b4e0705913 (patch) | |
| tree | 94576ae384ba64cdec0287d8cffaf3b25322eeb3 | |
| parent | 28e1c163e3e14b646851d7641c1c8a6a00de8fdc (diff) | |
| parent | cca1d777485d9b5f41bbc65ad10b002702f0aae4 (diff) | |
Merge branch '0.7.x' of git@gitorious.org:laconica/dev into 0.7.x
| -rw-r--r-- | lib/action.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/action.php b/lib/action.php index 8ff9e646b..e2d09ace2 100644 --- a/lib/action.php +++ b/lib/action.php @@ -224,7 +224,9 @@ class Action extends HTMLOutputter // lawsuit $this->element('script', array('type' => 'text/javascript', 'src' => common_path('js/util.js?version='.LACONICA_VERSION)), ' '); - + // Frame-busting code to avoid clickjacking attacks. + $this->element('script', array('type' => 'text/javascript'), + 'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }'); $this->element('script', array('type' => 'text/javascript', 'src' => common_path('js/flowplayer-3.0.5.min.js')), @@ -233,9 +235,6 @@ class Action extends HTMLOutputter // lawsuit $this->element('script', array('type' => 'text/javascript', 'src' => common_path('js/video.js')), ' '); - - - Event::handle('EndShowLaconicaScripts', array($this)); } Event::handle('EndShowScripts', array($this)); |