You are here

function _seckit_get_js_css_noscript_code in Security Kit 6

Same name and namespace in other branches
  1. 7 seckit.module \_seckit_get_js_css_noscript_code()

Gets JavaScript and CSS code.

Return value

string

2 calls to _seckit_get_js_css_noscript_code()
SecKitTestCase::testJSCSSNoscript in ./seckit.test
Tests JS + CSS + Noscript protection.
_seckit_js_css_noscript in ./seckit.module
Enables JavaScript + CSS + Noscript Clickjacking defense.

File

./seckit.module, line 471
Allows administrators to improve security of the website.

Code

function _seckit_get_js_css_noscript_code() {
  $options = _seckit_get_options();
  $message = filter_xss($options['seckit_clickjacking']['noscript_message']);
  $path = base_path() . drupal_get_path('module', 'seckit');
  return <<<EOT
      // close script tag for SecKit protection
      //--><!]]>
      </script>
      <script type="text/javascript" src="{<span class="php-variable">$path</span>}/js/seckit.document_write.js"></script>
      <link type="text/css" rel="stylesheet" id="seckit-clickjacking-no-body" media="all" href="{<span class="php-variable">$path</span>}/css/seckit.no_body.css" />
      <!-- stop SecKit protection -->
      <noscript>
      <link type="text/css" rel="stylesheet" id="seckit-clickjacking-noscript-tag" media="all" href="{<span class="php-variable">$path</span>}/css/seckit.noscript_tag.css" />
      <div id="seckit-noscript-tag">
        <h1>{<span class="php-variable">$message</span>}</h1>
      </div>
      </noscript>
      <script type="text/javascript">
      <!--//--><![CDATA[//><!--
      // open script tag to avoid syntax errors
EOT;
}