sslserver: SSL server to use when page is HTTPS-encrypted. If
unspecified, site ssl server and so on will be used.
sslpath: If sslserver if defined, path to use when page is HTTPS-encrypted.
+bustframes: If true, all web pages will break out of framesets. If false,
+ can comfortably live in a frame or iframe... probably. Default
+ to true.
xmpp
----
$this->script('util.min.js');
$this->showScriptMessages();
// Frame-busting code to avoid clickjacking attacks.
- $this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
+ if (common_config('javascript', 'bustframes')) {
+ $this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
+ }
Event::handle('EndShowStatusNetScripts', array($this));
Event::handle('EndShowLaconicaScripts', array($this));
}
projects / quix0rs-gnu-social.git / commitdiff