From: Evan Prodromou
Date: Thu, 17 Mar 2011 15:31:43 +0000 (-0400)
Subject: configuration option to bust frames or not
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=a4305401557f56656d98e1bb22dd68e83a5622c7;p=quix0rs-gnu-social.git
configuration option to bust frames or not
---
diff --git a/README b/README
index c27182395c..58ebd290b0 100644
--- a/README
+++ b/README
@@ -1139,6 +1139,9 @@ ssl: Whether to use SSL for JavaScript files. Default is null, which means
 sslserver: SSL server to use when page is HTTPS-encrypted. If unspecified, site ssl server and so on will be used.
 sslpath: If sslserver if defined, path to use when page is HTTPS-encrypted.
+bustframes: If true, all web pages will break out of framesets. If false,
+ can comfortably live in a frame or iframe... probably. Default
+ to true.
 xmpp
 ----
diff --git a/lib/action.php b/lib/action.php
index 173e2c2a58..fef4259264 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -298,7 +298,9 @@ class Action extends HTMLOutputter // lawsuit
 $this->script('util.min.js');
 $this->showScriptMessages();
 // Frame-busting code to avoid clickjacking attacks.
- $this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
+ if (common_config('javascript', 'bustframes')) {
+ $this->inlineScript('if (window.top !== window.self) { window.top.location.href = window.self.location.href; }');
+ }
 Event::handle('EndShowStatusNetScripts', array($this));
 Event::handle('EndShowLaconicaScripts', array($this));
 }
diff --git a/lib/default.php b/lib/default.php
index 124c90c998..c1dfcbc87d 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -154,7 +154,8 @@ $default =
 'javascript' =>
 array('server' => null,
 'path'=> null,
- 'ssl' => null),
+ 'ssl' => null,
+ 'bustframes' => true),
 'local' => // To override path/server for themes in 'local' dir (not currently applied to local plugins)
 array('server' => null,
 'dir' => null,
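Review bot: Once `bustframes` is false the guarded branch in lib/action.php emits nothing, so the page is left with no anti-framing measure at all, while the comment above the `if` still reads as if clickjacking were always handled. I would extend that comment to say so, e.g. `// Frame-busting code to avoid clickjacking attacks; with javascript/bustframes off the page has no framing protection unless the server sends X-Frame-Options.` Script-only frame busting is also bypassable where the embedding page restricts top navigation, so a response header (X-Frame-Options, or CSP frame-ancestors on newer browsers) tied to the same setting would be the sturdier control; where response headers are sent is not visible in this hunk. The enclosing method starts outside the hunk.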