authorMeitar Moscovitz <meitarm@gmail.com>2009-02-16 15:45:18 +1100
committerMeitar Moscovitz <meitarm@gmail.com>2009-02-16 15:45:18 +1100
commit9d81cef5cc2a0a197a0223206ba3d9a687065886 (patch)
tree495ae2f2a15ab875f1515accf52cba01bcbe64f8
parentfaf82eebfebf24c7a8aa62b517e15c0a1ad71954 (diff)
Add framebusting JavaScript to help avoid clickjacking attacks.
-rw-r--r--lib/action.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/action.php b/lib/action.php
index cd0db5399..48d5821a1 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -205,6 +205,9 @@ class Action extends HTMLOutputter // lawsuit
$this->element('script', array('type' => 'text/javascript',
'src' => common_path('js/util.js?version='.LACONICA_VERSION)),
' ');
+ // Frame-busting code to avoid clickjacking attacks.
+ $this->element('script', array('type' => 'text/javascript'),
+ 'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
Event::handle('EndShowLaconicaScripts', array($this));
}
Event::handle('EndShowScripts', array($this));
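Review bot: The inline check added after the util.js include is script-only frame-busting, which gives no protection when the framing context keeps this script from running or from navigating the top window, and the page is still rendered inside the frame until the script executes. A header-based control is the reliable layer: send `header('X-Frame-Options: SAMEORIGIN');` (and, where supported, a CSP `frame-ancestors 'self'` directive) wherever the response headers are emitted, keeping this script only as a fallback for older browsers. The added lines also sit before `EndShowLaconicaScripts`, inside a block whose opening is outside the hunk, so if that block is conditional the check may be skipped on some pages; confirm it is emitted on every page that renders authenticated actions.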