From f3f41cbe78693781a9874c59a8ae736d324797bd Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 17 Apr 2010 13:51:08 -0400 Subject: [PATCH] remove one instance of inline js --- js/cross_framing_protection.js | 20 ++++++++++++++++++++ libraries/header_scripts.inc.php | 18 +----------------- 2 files changed, 21 insertions(+), 17 deletions(-) create mode 100644 js/cross_framing_protection.js diff --git a/js/cross_framing_protection.js b/js/cross_framing_protection.js new file mode 100644 index 000000000..e69d162b3 --- /dev/null +++ b/js/cross_framing_protection.js @@ -0,0 +1,20 @@ +/* vim: set expandtab sw=4 ts=4 sts=4: */ +/** + * Conditionally called from libraries/header_scripts.inc.php + * if third-party framing is not allowed + * + */ + +try { + // can't access this if on a different domain + var topdomain = top.document.domain; + // double-check just for sure + if (topdomain != self.document.domain) { + alert("Redirecting..."); + top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1)); + } +} +catch(e) { + alert("Redirecting... (error: " + e); + top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1)); +} diff --git a/libraries/header_scripts.inc.php b/libraries/header_scripts.inc.php index bcb6528b3..6a4aacb47 100644 --- a/libraries/header_scripts.inc.php +++ b/libraries/header_scripts.inc.php @@ -18,23 +18,7 @@ require_once './libraries/common.inc.php'; // Cross-framing protection if ( false === $GLOBALS['cfg']['AllowThirdPartyFraming']) { ?> - +