You are here

Home » API reference » Security Kit 8 » SecKitEventSubscriber.php » SecKitEventSubscriber

public function SecKitEventSubscriber::seckitGetJsCssNoscriptCode in Security Kit 8

Same name and namespace in other branches
  1. 2.x src/EventSubscriber/SecKitEventSubscriber.php \Drupal\seckit\EventSubscriber\SecKitEventSubscriber::seckitGetJsCssNoscriptCode()

Gets JavaScript and CSS code.

Return value

string Return the js and css code.

1 call to SecKitEventSubscriber::seckitGetJsCssNoscriptCode()
SecKitEventSubscriber::seckitJsCssNoscript in src/EventSubscriber/SecKitEventSubscriber.php
Enables JavaScript + CSS + Noscript Clickjacking defense.

File

src/EventSubscriber/SecKitEventSubscriber.php, line 405

Class

SecKitEventSubscriber
Subscribing an event.

Namespace

Drupal\seckit\EventSubscriber

Code

public function seckitGetJsCssNoscriptCode($noscript_message = NULL) {

  // Allows noscript automated testing.
  $noscript_message = $noscript_message ? $noscript_message : $this->config
    ->get('seckit_clickjacking.noscript_message');
  $message = Xss::filter($noscript_message);
  $path = base_path() . drupal_get_path('module', 'seckit');
  return <<<EOT
        <script type="text/javascript" src="{<span class="php-variable">$path</span>}/js/seckit.document_write.js"></script>
        <link type="text/css" rel="stylesheet" id="seckit-clickjacking-no-body" media="all" href="{<span class="php-variable">$path</span>}/css/seckit.no_body.css" />
        <!-- stop SecKit protection -->
        <noscript>
        <link type="text/css" rel="stylesheet" id="seckit-clickjacking-noscript-tag" media="all" href="{<span class="php-variable">$path</span>}/css/seckit.noscript_tag.css" />
        <div id="seckit-noscript-tag">
          {<span class="php-variable">$message</span>}
        </div>
        </noscript>
EOT;
}