| | |
|---|
| | | for (n in this.gui_objects) |
|---|
| | | this.gui_objects[n] = rcube_find_object(this.gui_objects[n]); |
|---|
| | | |
|---|
| | | // clickjacking protection |
|---|
| | | if (this.env.x_frame_options) { |
|---|
| | | try { |
|---|
| | | // bust frame if not allowed |
|---|
| | | if (this.env.x_frame_options == 'deny' && top.location.href != self.location.href) |
|---|
| | | top.location.href = self.location.href; |
|---|
| | | else if (top.location.hostname != self.location.hostname) |
|---|
| | | throw 1; |
|---|
| | | } catch (e) { |
|---|
| | | // possible clickjacking attack: disable all form elements |
|---|
| | | $('form').each(function(){ ref.lock_form(this, true); }); |
|---|
| | | this.display_message("Blocked: possible clickjacking attack!", 'error'); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // init registered buttons |
|---|
| | | this.init_buttons(); |
|---|
| | | |
|---|
