Using inlineScript instead for clickjacking check

author Sarven Capadisli <csarven@status.net>

Fri, 19 Feb 2010 12:13:05 +0000 (13:13 +0100)

committer Sarven Capadisli <csarven@status.net>

Fri, 19 Feb 2010 12:13:05 +0000 (13:13 +0100)
author Sarven Capadisli <csarven@status.net>
Fri, 19 Feb 2010 12:13:05 +0000 (13:13 +0100)
committer Sarven Capadisli <csarven@status.net>
Fri, 19 Feb 2010 12:13:05 +0000 (13:13 +0100)
diff --git a/lib/action.php b/lib/action.php

index cd84662c9623a187f15f921c8f6923586afe5983..fa9ddb9110393ed5fede1512c94d6dc142dfeb6c 100644 (file)
--- a/lib/action.php
+++ b/lib/action.php
@@ -259,8 +259,7 @@ class Action extends HTMLOutputter // lawsuit
                  $this->script('util.js');
                  $this->script('geometa.js');
                  // Frame-busting code to avoid clickjacking attacks.
-                $this->element('script', array('type' => 'text/javascript'),
-                               'if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
+                $this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
                  Event::handle('EndShowStatusNetScripts', array($this));
                  Event::handle('EndShowLaconicaScripts', array($this));
              }
author	Sarven Capadisli <csarven@status.net>
	Fri, 19 Feb 2010 12:13:05 +0000 (13:13 +0100)
committer	Sarven Capadisli <csarven@status.net>
	Fri, 19 Feb 2010 12:13:05 +0000 (13:13 +0100)