// Output anti-framing headers to prevent clickjacking (respected by newer
// browsers).
if (common_config('javascript', 'bustframes')) {
- header('X-XSS-Protection 1; mode=block'); // detect XSS Reflection attacks
+ header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
}
$this->extraHeaders();
if (preg_match("/.*\/.*xml/", $type)) {
// Required for XML documents
- $this->xw->startDocument('1.0', 'UTF-8');
+ $this->startXML();
}
$this->xw->writeDTD('html',
'-//W3C//DTD XHTML 1.0 Strict//EN',